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About the Open Logic Project 


Preface 


This is an introductory textbook on modal logic. I use it as the 
main text when I teach Philosophy 579.2 (Modal Logic) at the 
University of Calgary. It is based on material from the Open 
Logic Project. 

The main text assumes familiarity with some elementary set 
theory and the basics of (propositional) logic. This material is 
part of a prerequisite for my course, Logic II. The textbook for 
that course, Sets, Logic, Computation, is also based on the OLP, 
and so is available for free. The required material is included as 
appendices in this book, however. I assign these appendices for 
background reading whenever I teach the material. 

Part I is originally based in part on Aldo Antonelli’s lec- 
ture notes on “Classical Correspondence Theory for Basic Modal 
Logic,” which he contributed to the OLP before his untimely 
death in 2015. I heavily revised and expanded these notes, e.g., 
the material on frame definability and tableaux is new. 
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Introduction 


Modal logics are extensions of classical logic by the operators 
O (“box”) and © (“diamond”), which attach to formulas. Intu- 
itively, O may be read as “necessarily” and $ as “possibly,” so 
Op is “p is necessarily true” and Of is “p is possibly true.” As 
necessity and possibility are fundamental metaphysical notions, 
modal logic is obviously of great philosophical interest. It allows 
the formalization of metaphysical principles such as “Op — p” (if 
p is necessary, it is true) or “Op > O00” (if p is possible, it is 
necessarily possible). 

The operators 0 and © are intensional. This means that 
whether OA or A holds does not just depend on whether A holds 
or doesn’t. An operator which is not intensional is extensional. 
Negation is extensional: —A holds iff A does not; so whether —A 
holds only depends on whether A holds or doesn’t. O and are 
not like that: whether OA or >A holds depends also on the mean- 
ing of A. While ordinary truth-functional semantics is enough 
to deal with extensional operators, intensional operators like O 
and © require a different kind of semantics. One such semantics 
which takes center stage in this book is relational semantics (also 
called possible-worlds semantics or Kripke semantics). 

For the logic which corresponds to the interpretation of 0 as 
“necessarily,” this semantics is relatively simple: instead of assign- 
ing truth values to propositional variables, an interpretation M 
assigns a set of “worlds” to them—intuitively, those worlds w at 
which is interpreted as true. On the basis of such an interpre- 
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tation, we can define a satisfaction relation. The definition of 
this satisfaction relation makes DA satisfied at a world w iff A is 
satisfied at all worlds: M,w t OA iff M,v t A for all worlds v. 
This corresponds to Leibniz’s idea that what’s necessarily true is 
what’s true in every possible world. 

“Necessarily” is not the only way to interpret the 0 operator, 
but it is the standard one—“necessarily” and “possibly” are the 
so-called alethic modalities. Other interpretations read O as “it 
is known (by some person A) that,” as “some person A believes 
that,” “it ought to be the case that,” or “it will always be true that.” 
These are epistemic, doxastic, deontic, and temporal modalities, 
respectively. Different interpretations of 0 will make different for- 
mulas logically true, and pronounce different inferences as valid. 
For instance, everything necessary and everything known is true, 
so OA — A is a logical truth on the alethic and epistemic inter- 
pretations. By contrast, not everything believed nor everything 
that ought to be the case actually is the case, so 0A — A is not a 
logical truth on the doxastic or deontic interpretations. 

In order to deal with different interpretations of the modal op- 
erators, the semantics is extended by a relation between worlds, 
the so-called accessibility relation. Then M,w t OA iff M,v t A 
for all worlds v which are accessible from w. The resulting se- 
mantics is very versatile and powerful, and the basic idea can be 
used to provide semantic interpretations for logics based on other 
intensional operators. One such logic is intuitionistic logic, a con- 
structive logic based on L. E. J. Brouwer’s branch of constructive 
mathematics. Intuitionistic logic is philosophically interesting for 
this reason—it plays an important role in constructive accounts of 
mathematics—but was also proposed as a logic superior to classi- 
cal logic by the influential English philosopher Michael Dummett 
in the goth century. Another application of relational models is 
as a semantics for subjunctive, or counterfactual, conditionals, 
an approach pioneered by Robert Stalnaker and David K. Lewis. 

This book is an introduction to the syntax, semantics, and 
proof theory of intensional logics. It only deals with proposi- 
tional logics, although future editions will also treat predicate 
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logics. The material is divided into three parts: The first part 
deals with normal modal logics. These are logics with the op- 
erators O and ©. We discuss their syntax, relational models 
and semantic notions based on them (such as validity and con- 
sequence) and derivation systems (both axiomatic systems and 
tableaux). We establish some basic results about these logics, 
such as the soundness and completeness of the derivation sys- 
tems considered, and discuss some model-theoretic constructions 
such as filtrations. The second part deals with intuitionistic logic. 
Here we discuss natural deduction and axiomatic derivations, 
relational and topological semantics, and soundness and com- 
pleteness of the derivation systems. The third part deals with the 
Lewis-Stalnaker semantics of counterfactual conditionals. The 
appendices discuss some ideas and results from set theory and 
the theory of relations that’s crucial to the relational semantics, 
and review syntax, semantics, and derivation theory of classical 
propositional logic. 


PART | 


Normal 
Modal 
Logics 


CHAPTER 1 


Syntax and 
Semantics 


1.1 Introduction 


Modal logic deals with modal propositions and the entailment re- 
lations among them. Examples of modal propositions are the 
following: 


1. It is necessary that 2+2 = 4. 
2. It is necessarily possible that it will rain tomorrow. 
3. If it is necessarily possible that A then it is possible that A. 


Possibility and necessity are not the only modalities: other unary 
connectives are also classified as modalities, for instance, “it 
ought to be the case that A,” “It will be the case that A,” “Dana 
knows that A,” or “Dana believes that A.” 

Modal logic makes its first appearance in Aristotle’s De Inter- 
pretatione: he was the first to notice that necessity implies possi- 
bility, but not vice versa; that possibility and necessity are inter- 
definable; that If A \ B is possibly true then A is possibly true 
and B is possibly true, but not conversely; and that if A — B is 
necessary, then if A is necessary, so is B. 
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The first modern approach to modal logic was the work of 
C. I. Lewis, culminating with Lewis and Langford, Symbolic Logic 
(1932). Lewis & Langford were unhappy with the representation 
of implication by means of the material conditional: A — B is 
a poor substitute for “A implies B.” Instead, they proposed to 
characterize implication as “Necessarily, if A then B,” symbolized 
as A 3 B. In trying to sort out the different properties, Lewis 
identified five different modal systems, S1, ..., $4, S5, the last 
two of which are still in use. 

The approach of Lewis and Langford was purely syntactical: 
they identified reasonable axioms and rules and investigated what 
was provable with those means. A semantic approach remained 
elusive for a long time, until a first attempt was made by Rudolf 
Carnap in Meaning and Necessity (1947) using the notion of a state 
description, i.e., a collection of atomic sentences (those that are 
“true” in that state description). After lifting the truth definition 
to arbitrary sentences A, Carnap defines A to be necessarily true 
if it is true in all state descriptions. Carnap’s approach could 
not handle iterated modalities, in that sentences of the form “Pos- 
sibly necessarily ... possibly A” always reduce to the innermost 
modality. 

The major breakthrough in modal semantics came with Saul 
Kripke’s article “A Completeness Theorem in Modal Logic” (JSL 
1959). Kripke based his work on Leibniz’s idea that a statement 
is necessarily true if it is true “at all possible worlds.” This idea, 
though, suffers from the same drawbacks as Carnap’s, in that the 
truth of statement at a world w (or a state description s) does not 
depend on w at all. So Kripke assumed that worlds are related 
by an accessibility relation R, and that a statement of the form 
“Necessarily A” is true at a world w if and only if A is true at all 
worlds w’ accessible from w. Semantics that provide some version 
of this approach are called Kripke semantics and made possible 
the tumultuous development of modal logics (in the plural). 

When interpreted by the Kripke semantics, modal logic shows 
us what relational structures look like “from the inside.” A rela- 
tional structure is just a set equipped with a binary relation (for 
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instance, the set of students in the class ordered by their social 
security number is a relational structure). But in fact relational 
structures come in all sorts of domains: besides relative possibil- 
ity of states of the world, we can have epistemic states of some 
agent related by epistemic possibility, or states of a dynamical 
system with their state transitions, etc. Modal logic can be used 
to model all of these: the first gives us ordinary, alethic, modal 
logic; the others give us epistemic logic, dynamic logic, etc. 

We focus on one particular angle, known to modal logicians 
as “correspondence theory.” One of the most significant early 
discoveries of Kripke’s is that many properties of the accessibil- 
ity relation R (whether it is transitive, symmetric, etc.) can be 
characterized in the modal language itself by means of appropri- 
ate “modal schemas.” Modal logicians say, for instance, that the 
reflexivity of R “corresponds” to the schema “If necessarily A, 
then A”. We explore mainly the correspondence theory of a num- 
ber of classical systems of modal logic (e.g., S4 and $5) obtained 
by a combination of the schemas D, T, B, 4, and 5. 


1.2 The Language of Basic Modal Logic 


Definition 1.1. The basic language of modal logic contains 
1. The propositional constant for falsity L. 


2. A countably infinite set of propositional variables: po, p1, 
PQ, +. 


3. The propositional connectives: = (negation), A (conjunc- 
tion), V (disjunction), — (conditional). 


4. The modal operator 0. 


5. The modal operator ©. 


CHAPTER 1. SYNTAX AND SEMANTICS 5 


Definition 1.2. Formulas of the basic modal language are induc- 
tively defined as follows: 


1. Lis an atomic formula. 

2. Every propositional variable p; is an (atomic) formula. 
3. If A is a formula, then —A is a formula. 

4. If A and B are formulas, then (A A B) is a formula. 

5. If A and B are formulas, then (A V B) is a formula. 

6. If A and B are formulas, then (A — B) is a formula. 

7. If Ais a formula, then OA is a formula. 

8. If A is a formula, then >A is a formula. 


g. Nothing else is a formula. 


Definition 1.3. Formulas constructed using the defined opera- 
tors are to be understood as follows: 


1. T abbreviates —_L. 


2. A B abbreviates (A > B) A (B- A). 


If a formula A does not contain O or ©, we say it is modal-free. 


1.3 Simultaneous Substitution 


An instance of a formula A is the result of replacing all occurrences 
of a propositional variable in A by some other formula. We will 
refer to instances of formulas often, both when discussing validity 
and when discussing derivability. It therefore is useful to define 
the notion precisely. 
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Definition 1.4. Where A is a modal formula all of whose propo- 
sitional variables are among fj, ..., fn, and Dj, ..., D, are also 
modal formulas, we define A[D1/fi,...,Dn/fn] as the result of 
simultaneously substituting each D, for p; in A. Formally, this is 
a definition by induction on A: 


1.A=L: A[D,/p1,. ' -»Da/ pr] is L. 


2. A=q: A[Di/f1,...,Dn/pn] is q, provided q # p; for i = 1, 


3. A= pi: A[D1/prs....Dn/Pal is Dy. 

4. A=-B: A[Dj/pr,...,Dn/ pn] is >B[Di/pr,.--Dn/prl- 

5. A=(BAC): A[Dy/fr.....Dy/pa] is 
(B[D1/p1,..-,Dn/pn] A C[Di/pr,...,Dn/pn)- 

6. A=(BVC): A[Di/pr.....Dn/pa] is 
(B[D1/p1,..-,Dn/pn] V C[Di/pr,...,Dn/pn). 

7. A=(B>C): A[Di/pr,...,Dn/Pal is 
(B[Di/pi,---,Dn/ pn] > C[Di/pr,---,Dn/pr)). 

8. A=(BOC): A[Di/p,....Dz/ pa] is 
(B[Di/pi,---,Dn/pn] @ C[Di/pi,---,Dn/pr)). 

9. A=OB: A[Di/p1,....Da/Po] is DBLDi/pr,-...Dn/Pal. 


10. A= OB: A[D,/fi,. : .»Dn/pr] is ©B[D,/fi.. a »Dn/ pn]. 


The formula A[Dj/f1,...,Dn/pn] is called a substitution instance 
of A. 
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Example 1.5. Suppose A is p1 — O(f1 A f2), Di is O(p2 > f3) 
and Do is ~Of1. Then A[D1/pi, Do/p2] is 
© (p2 > ps) > O(O(p2 > ps) A 0p) 
while A[D2/pr,D1/po] is 
=O) > O(-0f1 A O(p2 > £3)) 
Note that simultaneous substitution is in general not the same as 
iterated substitution, e.g., compare A[Dj/fi,Do/po] above with 
(A[D1/p1])|D2/p2], which is: 
© (p2 > p3) > O(O(p2 > ps) A pr) [>Op1/pa], ie, 
(70/1 — ps3) > O(O(-0f1 — p3) A 70f1) 
and with (A[Do/po|) [Di/pil: 
pi > O(pr A 701) [0 (f2 — ps)/pi, Le., 
©(p2 > p3) 2 O(O(f2 > £3) A 700 (po > f3)). 


1.4 Relational Models 


The basic concept of semantics for normal modal logics is that of 
a relational model. It consists of a set of worlds, which are related 
by a binary “accessibility relation,” together with an assignment 
which determines which propositional variables count as “true” 
at which worlds. 


Definition 1.6. A model for the basic modal language is a triple 
M =(W,R,V), where 


1. W is a nonempty set of “worlds,” 
2. R is a binary accessibility relation on W, and 


3. V is a function assigning to each propositional variable p 
a set V(p) of possible worlds. 
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Oe 
zag 


Figure 1.1: A simple model. 


When Rww’ holds, we say that w’ is accessible from w. When 
we V(p) we say p is true at w. 


The great advantage of relational semantics is that mod- 
els can be represented by means of simple diagrams, such as 
the one in Figure 1.1. Worlds are represented by nodes, and 
world w’ is accessible from w precisely when there is an arrow 
from w to w’. Moreover, we label a node (world) by when 
w € V(p), and otherwise by =f. Figure 1.1 represents the model 
with W = {w1,w2,w3}, R = {(w1,W2),(w1,3)}, V(p) = {wi, wo}, 
and V(q) = {wy}. 


1.5 Truth at a World 


Every modal model determines which modal formulas count as 
true at which worlds in it. The relation “model M makes for 
mula A true at world w” is the basic notion of relational seman- 
tics. The relation is defined inductively and coincides with the 
usual characterization using truth tables for the non-modal oper- 
ators. 
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Definition 1.7. Truth of a formula A at w in a M, in symbols: 
M,w | A, is defined inductively as follows: 


1. A=1: Never M,w tt 1. 

2. M,w t p iff w e V(p). 

3. A=AB: M,wt A iff M,w # B. 

4. A=(BAC): M,wt AiffM,wt Band M,wt C. 

5. A=(BVC): M,w t A iff M,w t+ Bor M,w t C (or both). 
6. A=(B-C): M,wt A iff M,w # Bor M,wt C. 

7. A=OB: M,w t A iff M,w’ t+ B for all w’ € W with Rww’. 


8. A= OB: M,w t A iff M,w’ t B for at least one w’ € W 
with Rww’. 


Note that by clause (7), a formula OB is true at w whenever 
there are no w’ with Rww’. In such a case OB is vacuously true 
at w. Also, OB may be satisfied at w even if B is not. The truth 
of B at w does not guarantee the truth of OB at w. This holds, 
however, if Rww, e.g., if R is reflexive. If there is no w’ such that 
Rww’, then M,w # OA, for any A. 


Proposition 1.8. 1. M,w t OA iffM,w tt 30-74. 
2. M,wt OA iffM,w + 707A. 


Proof. 1. M,w tt =0-A iff M ¥ 7A by definition of M,w t. 
M,w t ©-7A iff for some w’ with Rww’, M,w’ t 7A. 
Hence, M,w #* ©—A iff for all w’ with Rww’, M,w’ « 7A. 
We also have M,w’ ¥ —A iff M,w’ t A. Together we have 
M,w tt =©-—A iff for all w’ with Rww’, M,w’ t A. Again 
by definition of M,w 1, that is the case iff M,w t OA. 


2. Exercise. oO 
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1.6 Truth in a Model 


Sometimes we are interested which formulas are true at every 
world in a given model. Let’s introduce a notation for this. 


Definition 1.9. A formula A is true in a model M = (W,R,V), 
written M t+ A, if and only if M,w t A for every w € W. 


Proposition 1.10. 1. IfM t A thenM # =A, but not vice-versa. 


2. If[Mt AB thenM tt A only ifM t B, but not vice-versa. 


Proof. 1. IfMt A then A is true at all worlds in W, and since 
W #9, it can’t be that M t+ —A, or else A would have to be 
both true and false at some world. 


On the other hand, if M * —A then A is true at some world 
w € W. It does not follow that M,w t A for every w « W. 
For instance, in the model of Figure 1.1, M # —f, and also 
M ¥ p. 


2. Assume Mt A> Band M t 4A; to show M t B let we W 
be an arbitrary world. Then M,w tt A > B and M,w t A, 
so M,w t B, and since w was arbitrary, M t B. 


To show that the converse fails, we need to find a model 
M such that M t A only if M t+ B, but M F AB. 
Consider again the model of Figure 1.1: M # p and hence 
(vacuously) M | p only if M t g. However, M ¥ p — q, as 
p is true but q false at wy. Oo 


1.7 Validity 


Formulas that are true in all models, i.e., true at every world in 
every model, are particularly interesting. They represent those 
modal propositions which are true regardless of how 0 and © are 


CHAPTER 1. SYNTAX AND SEMANTICS 11 


interpreted, as long as the interpretation is “normal” in the sense 
that it is generated by some accessibility relation on possible 
worlds. We call such formulas valid. For instance, O(p A q) > Op 
is valid. Some formulas one might expect to be valid on the basis 
of the alethic interpretation of 0, such as Op — #, are not valid, 
however. Part of the interest of relational models is that different 
interpretations of 0 and ¢ can be captured by different kinds of 
accessibility relations. This suggests that we should define valid- 
ity not just relative to all models, but relative to all models of a 
certain kind. It will turn out, e.g., that Of — # is true in all mod- 
els where every world is accessible from itself, i.e., R is reflexive. 
Defining validity relative to classes of models enables us to for- 
mulate this succinctly: Of — # is valid in the class of reflexive 
models. 


Definition 1.11. A formula A is valid in a class 6 of models if 
it is true in every model in © (i.e., true at every world in every 
model in ©). If A is valid in @, we write 6 & A, and we write — A 
if A is valid in the class of all models. 


Proposition 1.12. Jf A is valid in © it is also valid in each class 
€’ CS. 


Proposition 1.13. [fA is valid, then so is OA. 


Proof. Assume § A. To show § DA let M = (W,R,V) be a model 
and w € W. If Rww’ then M,w’ t+ A, since A is valid, and so 
also M,w OA. Since M and w were arbitrary, § OA. Oo 


1.8 Tautological Instances 


A modal-free formula is a tautology if it is true under every truth- 
value assignment. Clearly, every tautology is true at every world 
in every model. But for formulas involving 0 and 6, the notion 
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of tautology is not defined. Is it the case, e.g., that Of V ~Op— 
an instance of the principle of excluded middle—is valid? The 
notion of a tautological instance helps: a formula that is a substi- 
tution instance of a (non-modal) tautology. It is not surprising, 
but still requires proof, that every tautological instance is valid. 


Definition 1.14. A modal formula B is a tautological instance 
if and only if there is a modal-free tautology A with proposi- 
tional variables f;, ..., p, and formulas Dj, ..., D, such that 
B= A[D,/p1,...,Dn/pn). 


Lemma 1.15. Suppose A is a modal-free formula whose propositional 
variables are pi, ..., Pn, and let Dy, ..., Dy be modal formulas. Then 
for any assignment v, any model M = (W,R,V), and anyw € W such 
that v(pi) = T if and only if M,w t+ D; we have that v & A if and 
only ifM,w tt A[D,/pi,...,Dn/pn].- 


Proof. By induction on A. 
1. A=1: Bothv# 1 and M,w # LL. 
2. A= p;: 


VE pi @ 0(pi) =T 
by definition of v § p; 
© M,w t D; 
by assumption 
© M,w t p;i[Di/f,...,Dn/pn] 
since p;[Di/fi....,Dn/pn] = Di. 


3. A=-B: 


VEABSvVEB 
by definition of v §; 
= M,w ¥ B[D;/pi,..-,Dn/pn] 
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by induction hypothesis 
© M,w tt ABD, /pi,- bey Dy Bel 
by definition of v F. 


4. A=(BAC): 


vEBAC Sve BandveC 
by definition of v F 
© M,w tt B[D,/fi,...,Dn/pn] and 
M,w lt C[D,/p1,..-,Dn/pn] 
by induction hypothesis 
@& M,wt (BAC)[Di/pi,...,Dn/prl 
by definition of M,w tr. 


5. A=(BVC): 


VEBVC SvEBorveld 
by definition of v F; 
© M,w tt B[D,/fi,...,Dn/pn] or 
M,w tt C[D;/p1,...,Dn/pn] 
by induction hypothesis 
© M,w t (BV C)[Di/fi,..-,Dn/pn] 
by definition of M,w tr. 


6. A=(B-C): 


VEBOCS0vVEBoOorvEC 
by definition of v F 
© M,w ¥ B[D,/pi,..-,Dn/ pn] or 
M,w tt C[D,/p1,...,Dn/pn] 
by induction hypothesis 
© M,w tt (B> C)[D4/f1,...,Dn/pn] 


13 


CHAPTER 1. SYNTAX AND SEMANTICS 14 


by definition of M,w tr. 


Proposition 1.16. All tautological instances are valid. 


Proof. Contrapositively, suppose A is such that M,w 
A[D;/p1,...,Dn/pn|, for some model M and world w. Define 
an assignment v such that v(p;) = T if and only if M,w t D, 
(and v assigns arbitrary values to g ¢ {f1,...,fn}). Then by 
Lemma 1.15, v £ A, so A is not a tautology. Oo 


1.9 Schemas and Validity 


Definition 1.17. A schema is a set of formulas comprising all and 
only the substitution instances of some modal formula C, i.e., 


{B:AD,,...,4D, (B = C[D1/f1,...,Dn/pfrl)}- 


The formula C’ is called the characteristic formula of the schema, 
and it is unique up to a renaming of the propositional variables. 
A formula A is an instance of a schema if it is a member of the 
set. 


It is convenient to denote a schema by the meta-linguistic 
expression obtained by substituting ‘A’, ‘B’, ..., for the atomic 
components of C’. So, for instance, the following denote schemas: 
‘A’, ‘A004’, ‘A—(B—A)’. They correspond to the characteristic 
formulas p, p — Op, p — (q — p). The schema ‘A’ denotes the 
set of all formulas. 


Definition 1.18. A schema is ¢rue in a model if and only if all of 
its instances are; and a schema is valid if and only if it is true in 
every model. 
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Proposition 1.19. The following schema K is valid 
o(A—> B) > (04 > OB). (K) 


Proof. We need to show that all instances of the schema are true 
at every world in every model. So let M = (W,R,V) and w « W 
be arbitrary. To show that a conditional is true at a world we 
assume the antecedent is true to show that consequent is true as 
well. In this case, let M,w + O(A — B) and M,w t+ OA. We 
need to show M t OB. So let w’ be arbitrary such that Rww’. 
Then by the first assumption M,w’ t+ A — B and by the second 
assumption M,w’ t A. It follows that M,w’ + B. Since w’ was 
arbitrary, M,w | OB. o 


Proposition 1.20. The following schema DuAL is valid 
6A © -70-74. (DUAL) 


Proof. Exercise. Oo 


Proposition 1.21. /f A and A — B are true at a world in a model 
then so is B. Hence, the valid formulas are closed under modus ponens. 


Proposition 1.22. A formula A is valid iff all its substitution in- 
stances are. In other words, a schema is valid iff its characteristic for- 
mula is. 


Proof. The “if” direction is obvious, since A is a substitution in- 
stance of itself. 

To prove the “only if” direction, we show the follow- 
ing: Suppose M = (W,R,V) is a modal model, and B = 
A[D/p1,...,Dn/pn]| is a substitution instance of A. Define M’ = 
(W,R,V’) by V'(pi) = {w : M,w t D;}. Then M,w t B iff 
M’,w tt A, for any w € W. (We leave the proof as an exercise.) 
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Valid Schemas Invalid Schemas 
Oo(A > B) => (OA OB) || OAV B) > (CAV OB) 
o(A— B) > (GA OB) || (CAA OB) > O(AAB) 
oO(A AB) @ (OA ADB) A—oA 

oA —> O(B > A) OoOA->B 
nOA—>0(A > B) oo0A > oA 

O(AV B) (OAV OB) OnOA— ODA. 


Table 7.1: Valid and (or?) invalid schemas. 


Now suppose that A was valid, but some substitution instance 
B of A was not valid. Then for some M = (W,R,V) and some 
weW,M,w ¥ B. But then M’,w # A by the claim, and A is not 
valid, a contradiction. Oo 


Note, however, that it is not true that a schema is true in a 
model iff its characteristic formula is. Of course, the “only if” 
direction holds: if every instance of A is true in M, A itself is 
true in M. But it may happen that A is true in M but some 
instance of A is false at some world in M. For a very simple 
counterexample consider p in a model with only one world w 
and V(p) = {w}, so that p is true at w. But 1 is an instance of p, 
and not true at w. 


1.10 Entailment 


With the definition of truth at a world, we can define an entail- 
ment relation between formulas. A formula B entails A iff, when- 
ever B is true, A is true as well. Here, “whenever” means both 
“whichever model we consider” as well as “whichever world in 
that model we consider.” 


Definition 1.23. If [is a set of formulas and A a formula, then 
I’ entails A, in symbols: I + A, if and only if for every model 
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OO, 
No 


Figure 1.2: Counterexample to p> Opt Up — p. 


M = (W,R,V) and world w € W, if M,w t+ B for every Be T, 
then M,w t A. If I contains a single formula B, then we write 
Be A. 


Example 1.24. To show that a formula entails another, we have 
to reason about all models, using the definition of M,w t+. For 
instance, to show p > Op — O-p — =f, we might argue as fol- 
lows: Consider a model M = (W,R,V) and w € W, and suppose 
M,w t p— Op. We have to show that M,w tt O7p — 7p. Sup- 
pose not. Then M,w | O-p and M,w # 7p. Since M,w ¥ 7, 
M,w t p. By assumption, M,w tt p > Op, hence M,w tt Op. By 
definition of M,w tt Op, there is some w’ with Rww’ such that 
M,w’ | p. Since also M,w + O-p, M,w’ + =f, a contradiction. 

To show that a formula B does not entail another A, we have 
to give a counterexample, i.e., a model M = (W,R,V) where we 
show that at some world w € W, M,w tt B but M,w # A. Let’s 
show that p — Op # Op — p. Consider the model in Figure 1.2. 
We have M,w It Op and hence M,w tt p— Op. However, since 
M,w) | Op but M,w) F p, we have M,w) ¥ Op — p. 

Often very simple counterexamples suffice. The model M’ = 
{W’,R’,V’} with W’ = {w}, R’ = 0, and V’(p) = @ is also a 
counterexample: Since M’,w # p, M’,w \t p— Op. As no worlds 
are accessible from w, we have M’,w |t Op, and so M’,w ¥ Op > 


p. 


CHAPTER 1. SYNTAX AND SEMANTICS 18 


Problems 


Problem 1.1. Consider the model of Figure 1.1. Which of the 
following hold? 


1. M,w It q; 

2. M, we lt 7g; 

3. M,wi tt pv q; 

4. M,w t O(p V 9); 
5. M,w3 Og; 

6. M,w3 I O1; 

7. M,w, | Og; 

8. M,w Og; 


g. M,w 700-9. 
Problem 1.2. Complete the proof of Proposition 1.8. 


Problem 1.3. Let M = (W,R,V) be a model, and suppose 
w ,wa € W are such that: 


1. w; € V(p) if and only if wa € V(p); and 
2. for all w ¢ W: Rw ,w if and only if Rwow. 


Using induction on formulas, show that for all formulas A: 
M,w, tt A if and only if M, wo t A. 


Problem 1.4. Let M = (W,R,V). Show that M,w t =A if and 
only if M,w  O-7A. 


Problem 1.5. Consider the following model M for the language 
comprising f1, f2, p3 as the only propositional variables: 
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Are the following formulas and schemas true in the model M, 
i.e., true at every world in M? Explain. 


1. 
2. 
2. 
4. 
5- 
6. 


p— Op (for p atomic); 
A— A (for A arbitrary); 
Op — p (for p atomic); 
ap — ©up (for p atomic); 
©oOA (for A arbitrary); 


Op (for p atomic). 


Problem 1.6. Show that the following are valid: 


1. 


2. 


2. 


FOp > Og > p); 


FO7L; 


F Op > (Og — Of). 


Problem 1.7. Show that A— DA is valid in the class 6 of models 
M =(W,R,V) where W = {w}. Similarly, show that B > OA and 
©A — B are valid in the class of models M = (W,R,V) where 
R=9. 


Problem 1.8. Prove Proposition 1.20. 
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Problem 1.9. Prove the claim in the “only if” part of the proof 
of Proposition 1.22. (Hint: use induction on A.) 


Problem 1.10. Show that none of the following formulas are 
valid: 


D: Op > Of; 
T: Opp; 
B: poop; 
4: Of > O09; 
5: Op Oop. 


Problem 1.11. Prove that the schemas in the first column of ‘[a- 
ble 1.1 are valid and those in the second column are not valid. 


Problem 1.12. Decide whether the following schemas are valid 
or invalid: 


1. (OA— OB) > (OA > OB); 


2. O(A—> B)vo(B- A). 


Problem 1.13. For each of the following schemas find a model 
M such that every instance of the formula is true in M: 


1. p> OOP; 
2. Op — Op. 
Problem 1.14. Show that O(A A B) & OA. 


Problem 1.15. Show that O(p — q) # p— Og and p— a9 # 
O(p > 4). 


CHAPTER 2 
Frame 


Definability 


2.1 Introduction 


One question that interests modal logicians is the relationship be- 
tween the accessibility relation and the truth of certain formulas 
in models with that accessibility relation. For instance, suppose 
the accessibility relation is reflexive, i.e., for every w ¢ W, Rww. 
In other words, every world is accessible from itself. That means 
that when DA is true at a world w, w itself is among the accessible 
worlds at which A must therefore be true. So, if the accessibility 
relation R of M is reflexive, then whatever world w and formula 
A we take, OA — A will be true there (in other words, the schema 
Of — p and all its substitution instances are true in M). 

The converse, however, is false. It’s not the case, e.g., that if 
Op — p is true in M, then R is reflexive. For we can easily find 
a non-reflexive model M where Of — f is true at all worlds: take 
the model with a single world w, not accessible from itself, but 
with w ¢ V(p). By picking the truth value of p suitably, we can 
make 0A — A true in a model that is not reflexive. 

The solution is to remove the variable assignment V from the 
equation. If we require that Op — f is true at all worlds in M, 
regardless of which worlds are in V(p), then it is necessary that 
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R is reflexive. For in any non-reflexive model, there will be at 
least one world w such that not Rww. If we set V(p) = W \ {w}, 
then # will be true at all worlds other than w, and so at all worlds 
accessible from w (since w is guaranteed not to be accessible 
from w, and w is the only world where # is false). On the other 
hand, p is false at w, so Op — fp is false at w. 

This suggests that we should introduce a notation for model 
structures without a valuation: we call these frames. A frame 
F is simply a pair (W,R) consisting of a set of worlds with an 
accessibility relation. Every model (W,R,V) is then, as we say, 
based on the frame (W,R). Conversely, a frame determines the 
class of models based on it; and a class of frames determines the 
class of models which are based on any frame in the class. And 
we can define F § A, the notion of a formula being valid in a 
frame as: M t A for all M based on F. 

With this notation, we can establish correspondence relations 
between formulas and classes of frames: e.g., F Op > p if, and 
only if, F is reflexive. 


2.2 Properties of Accessibility Relations 


Many modal formulas turn out to be characteristic of simple, and 
even familiar, properties of the accessibility relation. In one direc- 
tion, that means that any model that has a given property makes 
a corresponding formula (and all its substitution instances) true. 
We begin with five classical examples of kinds of accessibility 
relations and the formulas the truth of which they guarantee. 


Theorem 2.1. Let M = (W,R,V) be a model. If R has the property 
on the left side of Jable 2.7, every instance of the formula on the right 
side is true in M. 


Proof. Here is the case for B: to show that the schema is true in 
a model we need to show that all of its instances are true at all 
worlds in the model. So let A > O04 be a given instance of B, 
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IfR is... then ...is true in M: 

serial: VusuRuo Op > Op (D) 
reflexive: VwRww op p (T) 
symmetric: pourp (B) 
VuVo(Ruv > Rou) 

transitive: ofp — op (4) 
VuVoVw((Ruv A Row) > Ruw) 

euclidean: Op 2 0p (5) 
VwVuVo((Rwu A Rwov) > Ruv) 


Table 2.1: Five correspondence facts. 


Cc @) 
Ss 


I A It OA 
IK OOA 


Figure 2.1: The argument from symmetry. 


and let w € W be an arbitrary world. Suppose the antecedent A 
is true at w, in order to show that O¢A is true at w. So we need 
to show that A is true at all w’ accessible from w. Now, for any 
w’ such that Rww’ we have, using the hypothesis of symmetry, 
that also Rw’w (see Figure 2.1). Since M,w tt A, we have M,w’ tt 
©A. Since w’ was an arbitrary world such that Rww’, we have 
M,w + OOA. 

We leave the other cases as exercises. Oo 


Notice that the converse implications of ‘Theorem 2.1 do not 
hold: it’s not true that if a model verifies a schema, then the ac- 
cessibility relation of that model has the corresponding property. 
In the case of T and reflexive models, it is easy to give an exam- 
ple of a model in which T itself fails: let W = {w} and V(p) = 0. 
Then R is not reflexive, but M,w It Of and M,w # p. But here we 
have just a single instance of T that fails in M, other instances, 
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e.g., Onp > 7 are true. It is harder to give examples where every 
substitution instance of T is true in M and M is not reflexive. But 
there are such models, too: 


Proposition 2.2. Let M = (W,R,V) be a model such that W = 
{u,v}, where worlds u and v are related by R: i.e., both Ruv and Rou. 
Suppose that for all p: ue V(p) @ v € V(p). Then: 


1. For all A: M,u t A if and only if M,v t A (use induction on 
A). 


2. Every instance of T is true in M. 


Since M is not reflexive (it is, in fact, irreflexive), the converse of The- 
orem 2.1 fails in the case of T (similar arguments can be given for 
some—though not all—the other schemas mentioned in I/heorem 2.1). 


Although we will focus on the five classical formulas D, T, 
B, 4, and 5, we record in Table 2.2 a few more properties of 
accessibility relations. The accessibility relation R is partially 
functional, if from every world at most one world is accessible. If 
it is the case that from every world exactly one world is accessible, 
we call it functional. (Thus the functional relations are precisely 
those that are both serial and partially functional). They are 
called “functional” because the accessibility relation operates like 
a (partial) function. A relation is weakly dense if whenever Ruz, 
there is a w “between” u and v. So weakly dense relations are in a 
sense the opposite of transitive relations: in a transitive relation, 
whenever you can reach v from u by a detour via w, you can 
reach v from u directly; in a weakly dense relation, whenever you 
can reach v from uw directly, you can also reach it by a detour 
via some w. A relation is weakly directed if whenever you can 
reach worlds u and v from some world w, you can reach a single 
world ¢ from both u and v—this is sometimes called the “diamond 
property” or “confluence.” 
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IfR is... then ...is true in M: 


partially functional: 


VwVuVo((Rwu A Rwv) > u = 0) meee 4 


functional: VwaoVu(Rwu ou =v) Op oop 


weakly dense: 


VuVo(Ruv > Jw(Ruw A Rwo)) me aes 

weakly connected: O((p Aap) > 4) V 

VwVuVo((Rwu A Rwo) > n((¢ Ang) > p) (L) 
(Ruv Vu=vV Rou)) q q - 

weakly directed: 

VwVuVo((Rwu A Rwov) > oop 00p (G) 


At(Rut A Rot)) 


Table 2.2: Five more correspondence facts. 


2.3 Frames 


Definition 2.3. A frame is a pair F = (W,R) where W is a non- 
empty set of worlds and R a binary relation on W. A model M 
is based on a frame F = (W,R) if and only if M = (W,R,V) for 


some valuation V. 


Definition 2.4. If F is a frame, we say that A is valid in F, F § A, 
if M t+ A for every model M based on F. 

If F is a class of frames, we say A is valid in F, F & A, iff 
Ft A for every frame F € #. 


The reason frames are interesting is that correspondence be- 
tween schemas and properties of the accessibility relation R is 
at the level of frames, not of models. For instance, although T is 
true in all reflexive models, not every model in which T is true 
is reflexive. However, it is true that not only is T valid on all 
reflexive frames, also every frame in which T is valid is reflexive. 
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Remark 7. Validity in a class of frames is a special case of the 
notion of validity in a class of models: ¥ + A iff % + A where 6 
is the class of all models based on a frame in #. 

Obviously, if a formula or a schema is valid, i.e., valid with 
respect to the class of all models, it is also valid with respect to 
any class ¥ of frames. 


2.4 Frame Definability 


Even though the converse implications of Theorem 2.1 fail, they 
hold if we replace “model” by “frame”: for the properties con- 
sidered in Theorem 2.1, it is true that if a formula is valid in a 
frame then the accessibility relation of that frame has the corre- 
sponding property. So, the formulas considered define the classes 
of frames that have the corresponding property. 


Definition 2.5. If F is a class of frames, we say A defines F iff 
F A for all and only frames F € #. 


We now proceed to establish the full definability results for 
frames. 


Theorem 2.6. [f the formula on the right side of lable 2.7 is valid 
in a frame F, then F has the property on the left side. 


Proof. 1. Suppose D is valid in F = (W,R), ie., FE Op > Op. 
Let M = (W,R,V) be a model based on F, and w « W. We 
have to show that there is a v such that Rwv. Suppose not: 
then both M tt OA and M,w ¥# OA for any A, including p. 
But then M,w ¥ Op — Of, contradicting the assumption 
that Fr of > Op. 


2. Suppose T is valid in F, i., Ft Of — p. Let w € W be 
an arbitrary world; we need to show Rww. Let u € V(p) if 
and only if Rwu (when q is other than p, V(q) is arbitrary, 
say V(q) = 0). Let M = (W,R,V). By construction, for all 
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u such that Rwu: M,u \t p, and hence M,w t Op. But by 
hypothesis Of — f is true at w, so that M,w It p, but by 
definition of V this is possible only if Rww. 


3. We prove the contrapositive: Suppose F is not symmetric, 
we show that B, i.e., p> Of is not valid in F = (W,R). If F 
is not symmetric, there are u, v € W such that Ruv but not 
Rou. Define V such that w € V(p) if and only if not Row 
(and V is arbitrary otherwise). Let M = (W,R,V). Now, 
by definition of V, M,w t+ p for all w such that not Row, 
in particular, M,u |r p since not Rvu. Also, since Row iff 
w ¢V(p), there is no w such that Ruw and M,w t p, and 
hence M,v ¥ Op. Since Ruv, also M,u ¥ Of. It follows 
that M,u ¥ p > Of, and so B is not valid in F. 


4. Suppose 4 is valid in F = (W, R), ie., F = Of > O09, and let 
u, v, w € W be arbitrary worlds such that Ruv and Row; 
we need to show that Ruw. Define V such that z € V(p) 
if and only if Ruz (and V is arbitrary otherwise). Let M = 
(W,R,V). By definition of V, M,z + p for all z such that 
Ruz, and hence M,u | Op. But by hypothesis 4, 0 - 009, 
is true at wu, so that M,u | OOp. Since Ruv and Rvw, we 
have M,w t+ p, but by definition of V this is possible only 
if Ruw, as desired. 


5. We proceed contrapositively, assuming that the frame F = 
(W,R) is not euclidean, and show that it falsifies 5, ice., 
F ¥ Op — Op. Suppose there are worlds u, v, w € W such 
that Rwu and Rwy but not Ruv. Define V such that for all 
worlds z, z € V(p) if and only if it is not the case that Ruz. 
Let M = (W,R,V). Then by hypothesis M,v tt p and since 
Rwz also M,w t+ Op. However, there is no world y such 
that Ruy and M,y + p so M,u ¥ Op. Since Rwu, it follows 
that M,w * O04, so that 5, Op > O04, fails at w. Oo 


You'll notice a difference between the proof for D and the 
other cases: no mention was made of the valuation V. In effect, 
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we proved that if M + D then M is serial. So D defines the class 
of serial models, not just frames. 


Corollary 2.7. Any model where D is true is serial. 


Corollary 2.8. Each formula on the right side of 1able 2.7 defines the 
class of frames which have the property on the left side. 


Proof. In Theorem 2.1, we proved that if a model has the property 
on the left, the formula on the right is true in it. Thus, ifa frame F 
has the property on the left, the formula on the right is valid in F. 
In Theorem 2.6, we proved the converse implications: if a formula 
on the right is valid in F, F has the property on the left. Oo 


Theorem 2.6 also shows that the properties can be combined: 
for instance if both B and 4 are valid in F then the frame is both 
symmetric and transitive, etc. Many important modal logics are 
characterized as the set of formulas valid in all frames that com- 
bine some frame properties, and so we can characterize them as 
the set of formulas valid in all frames in which the correspond- 
ing defining formulas are valid. For instance, the classical system 
S4 is the set of all formulas valid in all reflexive and transitive 
frames, i.e., in all those where both T and 4 are valid. S5 is the 
set of all formulas valid in all reflexive, symmetric, and euclidean 
frames, i.e., all those where all of T, B, and 5 are valid. 

Logical relationships between properties of R in general cor- 
respond to relationships between the corresponding defining for- 
mulas. For instance, every reflexive relation is serial; hence, 
whenever T is valid in a frame, so is D. (Note that this rela- 
tionship is not that of entailment. It is not the case that whenever 
M,w t+ T then M,w t+ D.) We record some such relationships. 


Proposition 2.9. Let R be a binary relation on a set W; then: 


1. If R is reflexive, then it is serial. 
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2. IfR is symmetric, then it is transitive if and only if it is euclidean. 


3. IfR is symmetric or euclidean then it is weakly directed (it has 
the “diamond property”). 


4. If R is euclidean then it is weakly connected. 


5. IfR is functional then it is serial. 


2.5 First-order Definability 


We’ve seen that a number of properties of accessibility relations 
of frames can be defined by modal formulas. For instance, sym- 
metry of frames can be defined by the formula B, p > O09. 
The conditions we’ve encountered so far can all be expressed 
by first-order formulas in a language involving a single two- 
place predicate symbol. For instance, symmetry is defined by 
Vx Vy (Q(x,) > Q(y,*x)) in the sense that a first-order structure M 
with |M| = W and Q™ = R satisfies the preceding formula iff R 
is symmetric. This suggests the following definition: 


Definition 2.10. A class # of frames is first-order definable if 
there is a sentence A in the first-order language with a single 
two-place predicate symbol Q such that F= (W,R) « F iff M+ A 
in the first-order structure M with |M| = W and om = R. 


It turns out that the properties and modal formulas that define 
them considered so far are exceptional. Not every formula defines 
a first-order definable class of frames, and not every first-order 
definable class of frames is definable by a modal formula. 

A counterexample to the first is given by the Lob formula: 


o(op > p) > Of. (W) 


W defines the class of transitive and converse well-founded 
frames. A relation is well-founded if there is no infinite sequence 
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W1, W2,... such that Rwow 1, Rw3wo, .... For instance, the rela- 
tion < on N is well-founded, whereas the relation < on Z is not. A 
relation is converse well-founded iff its converse is well-founded. 
So converse well-founded relations are those where there is no 
infinite sequence wj, wo, ... such that Rw jw, Rwow3,.... 

There is, however, no first-order formula defining transitive 
converse well-founded relations. For suppose M ¢ F iff R = QM 
is transitive converse well-founded. Let A, be the formula 


(Q(a1, a2) NESE IN Q(@n-1,4n)) 
Now consider the set of formulas 
I = {F,Aj,Ao,...}. 


Every finite subset of I" is satisfiable: Let k be largest such that A; 
is in the subset, |M;| = {1,...,4}, Ng = i, and QM =<, Since 
< on {1,...,} is transitive and converse well-founded, M; § F. 
M;, § A; by construction, for all i < k. By the Compactness 
Theorem for first-order logic, I’ is satisfiable in some structure M. 
By hypothesis, since M & F, the relation Q™ is converse well- 
founded. But clearly, an ; ae ,... would form an infinite sequence 
of the kind ruled out by converse well-foundedness. 

A counterexample to the second claim is given by the prop- 
erty of universality: for every u and v, Ruv. Universal frames are 
first-order definable by the formula Vx Vy Q(x,y). However, no 
modal formula is valid in all and only the universal frames. This 
is a consequence of a result that is independently interesting: the 
formulas valid in universal frames are exactly the same as those 
valid in reflexive, symmetric, and transitive frames. There are re- 
flexive, symmetric, and transitive frames that are not universal, 
hence every formula valid in all universal frames is also valid in 
some non-universal frames. 


2.6 Equivalence Relations and $5 


The modal logic S5 is characterized as the set of formulas valid 
on all universal frames, i.e., every world is accessible from every 
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world, including itself. In such a scenario, O corresponds to ne- 
cessity and © to possibility: OA is true if A is true at every world, 
and A is true if A is true at some world. It turns out that S5 
can also be characterized as the formulas valid on all reflexive, 
symmetric, and transitive frames, i.e., on all equivalence relations. 


Definition 2.11. A binary relation R on W is an equivalence re- 
lation if and only if it is reflexive, symmetric and transitive. A 
relation R on W is universal if and only if Ruv for all u,v € W. 


Since T, B, and 4 characterize the reflexive, symmetric, and 
transitive frames, the frames where the accessibility relation is 
an equivalence relation are exactly those in which all three for- 
mulas are valid. It turns out that the equivalence relations can 
also be characterized by other combinations of formulas, since 
the conditions with which we’ve defined equivalence relations are 
equivalent to combinations of other familiar conditions on R. 


Proposition 2.12. The following are equivalent: 
1. R is an equivalence relation; 
2. R is reflexive and euclidean; 
3. R is serial, symmetric, and euclidean; 


4. R is serial, symmetric, and transitive. 
Proof. Exercise. Oo 


Proposition 2.12 is the semantic counterpart to Proposi- 
tion 3.29, in that it gives an equivalent characterization of the 
modal logic of frames over which R is an equivalence relation 
(the logic traditionally referred to as S5). 

What is the relationship between universal and equivalence 
relations? Although every universal relation is an equivalence 
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relation, clearly not every equivalence relation is universal. How- 
ever, the formulas valid on all universal relations are exactly the 
same as those valid on all equivalence relations. 


Proposition 2.13. Let R be an equivalence relation, and for each 
w € W define the equivalence class of w as the set [w] ={w’ €W: 
Rww’'}. Then: 


7. w € [wl]; 
2. R is universal on each equivalence class |w]; 


3. The collection of equivalence classes partitions W into mutually 
exclusive and jointly exhaustive subsets. 


Proposition 2.14. A formula A is valid in all frames F = (W,R) 
where R is an equivalence relation, if and only if it is valid in all 
frames F = (W,R) where R is universal. Hence, the logic of universal 
frames is just S5. 


Proof. It’s immediate to verify that a universal relation R on W 
is an equivalence. Hence, if A is valid in all frames where R is 
an equivalence it is valid in all universal frames. For the other 
direction, we argue contrapositively: suppose B is a formula that 
fails at a world w in a model M = (W,R,V) based on a frame 
(W,R), where R is an equivalence on W. So M,w # B. Define a 
model M’ = (W’,R’,V’) as follows: 


1. W’ = [w]; 
2. R’ is universal on W’; 
3. Vi(p=Vipynw’. 


(So the set W’ of worlds in M’ is represented by the shaded area 
in Figure 2.2.) It is easy to see that R and R’ agree on W’. Then 
one can show by induction on formulas that for all w’ € W’: 
M’,w’ t A if and only if M,w’ + A for each A (this makes sense 
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[u] ij 


Figure 2.2: A partition of W in equivalence classes. 


since W’ C W). In particular, M’,w # B, and B fails in a model 
based on a universal frame. oO 


2.7. Second-order Definability 


Not every frame property definable by modal formulas is first- 
order definable. However, if we allow quantification over one- 
place predicates (i.e., monadic second-order quantification), we 
define all modally definable frame properties. The trick is to 
exploit a systematic way in which the conditions under which a 
modal formula is true at a world are related to first-order formu- 
las. This is the so-called standard translation of modal formulas 
into first-order formulas in a language containing not just a two- 
place predicate symbol Q for the accessibility relation, but also a 
one-place predicate symbol P; for the propositional variables p; 
occurring in A. 


Definition 2.15. The standard translation ST,(A) is inductively 
defined as follows: 


1. A=4: ST,(A) = 1. 


2. A=p;: ST,(A) = P;(x). 
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3. A=-B: ST,(A) =-ST,(B). 

4. A=(BAC): ST,(A) = (ST,(B) A ST,(C)). 
5. A=(BVC): ST,(A) = (ST,(B) V ST; (C)). 
6. A=(B—>C): ST,(A) =(ST,(B) > ST,(C)). 
7. A=OB: ST,(A) = Vy (Q(x,y) > ST,(B)). 

8. A= OB: ST,(A) = 3y (Q(x,y) A ST,(B)). 


For instance, ST,(Op— p) is Vy (Q(x, y) > P(y)) > P(x). Any 
structure for the language of ST,(A) requires a domain, a two- 
place relation assigned to Q, and subsets of the domain assigned 
to the one-place predicate symbols P;. In other words, the com- 
ponents of such a structure are exactly those of a model for A: 
the domain is the set of worlds, the two-place relation assigned 
to Q is the accessibility relation, and the subsets assigned to P; 
are just the assignments V(p;). It won’t surprise that satisfac- 
tion of A in a modal model and of ST,,(A) in the corresponding 
structure agree: 


Proposition 2.16. LetM = (W,R,V), M’ be the first-order structure 
with |M’|=W, Q™ = R, and PM’ = V(p;), and s(x) = w. Then 


M,w t A iffM’,s & ST,(A) 
Proof. By induction on A. Oo 
Proposition 2.17. Suppose A is a modal formula and F = (W,R) is 


a frame. Let F’ be the first-order structure with |F’| = W and Qf’ = R, 
and let A’ be the second-order formula 


VX, ... WX, Wx ST,(A)[X1/Pi,....Xn/Pal, 
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where Pi, ..., Py are all one-place predicate symbols in ST,,(A). Then 
FEA if Ee EA 


Proof. F’ © A’ iff for every structure M’ where PM’ cC W for 
i=1,..., m, and for every s with s(x) ¢ W, M’,s & ST,(A). By 
Proposition 2.16, that is the case iff for all models M based on F 


and every world w¢ W, M,wt A, i.e., Fre A. oO 


Definition 2.18. A class ¥ of frames is second-order definable if 
there is a sentence A in the second-order language with a single 
two-place predicate symbol P and quantifiers only over monadic 
set variables such that F = (W,R) ¢€ & iff M & A in the struc- 
ture M with |M| = W and P™ = R. 


Corollary 2.19. [fa class of frames is definable by a formula A, the 
corresponding class of accessibility relations is definable by a monadic 
second-order sentence. 


Proof. The monadic second-order sentence A’ of the preceding 
proof has the required property. Oo 


As an example, consider again the formula Of — p. It de- 
fines reflexivity. Reflexivity is of course first-order definable by 
the sentence Vx Q(x,x). But it is also definable by the monadic 
second-order sentence 


VX Vx (Vy (Q(x,9) > X(y)) > X(x)). 


This means, of course, that the two sentences are equivalent. 
Here’s how you might convince yourself of this directly: First 
suppose the second-order sentence is true in a structure M. Since 
x and X are universally quantified, the remainder must hold for 
any x € W and set X C W, e.g., the set {z : Rxz} where R = o™. 
So, for any s with s(x) € W and s(X) = {z : Rxz} we have 
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M t Vy (Q(x,9) — X(y)) — X(x). But by the way we’ve picked 
s(X) that means M,s § Vy (Q(x,y) > Q(x,y)) — Q(x, x), which 
is equivalent to Q(x,x) since the antecedent is valid. Since s(x) 
is arbitrary, we have M § Vx Q(x,x). 

Now suppose that M + VxQ(x,x) and show that M F 
VX Vx (Vy (Q(x, y) — X(y)) — X(x)). Pick any assignment s, 
and assume M,s & Vy (Q(x,y) — X(y)). Let s’ be the y-variant 
of s with s’(y) = s(x); we have M,s’ & Q(x,y) ~ X(y), ie., 
M,s & Q(x,x) > X(x). Since M & Vx Q(x,x), the antecedent 
is true, and we have M,s & X(x), which is what we needed to 
show. 

Since some definable classes of frames are not first-order de- 
finable, not every monadic second-order sentence of the form A’ 
is equivalent to a first-order sentence. There is no effective 
method to decide which ones are. 


Problems 
Problem 2.1. Complete the proof of Theorem 2.1. 
Problem 2.2. Prove the claims in Proposition 2.2. 


Problem 2.3. Let M = (W,R,V) be a model. Show that if R 
satisfies the left-hand properties of ‘lable 2.2, every instance of 
the corresponding right-hand formula is true in M. 


Problem 2.4. Show that if the formula on the right side of ‘Ta- 
ble 2.2 is valid in a frame F, then F has the property on the left 
side. To do this, consider a frame that does not satisfy the prop- 
erty on the left, and define a suitable V such that the formula on 
the right is false at some world. 


Problem 2.5. Prove Proposition 2.9. 


Problem 2.6. Prove Proposition 2.12 by showing: 


1. If R is symmetric and transitive, it is euclidean. 
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2. If R is reflexive, it is serial. 

3. If R is reflexive and euclidean, it is symmetric. 

4. If R is symmetric and euclidean, it is transitive. 

5. If R is serial, symmetric, and transitive, it is reflexive. 


Explain why this suffices for the proof that the conditions are 
equivalent. 


CHAPTER 3 


Axiomatic 
Derivations 


3.1 Introduction 


We have a semantics for the basic modal language in terms of 
modal models, and a notion of a formula being valid—true at 
all worlds in all models—or valid with respect to some class of 
models or frames—true at all worlds in all models in the class, or 
based on the frame. Logic usually connects such semantic charac- 
terizations of validity with a proof-theoretic notion of derivability. 
The aim is to define a notion of derivability in some system such 
that a formula is derivable iff it is valid. 

The simplest and historically oldest derivation systems are 
so-called Hilbert-type or axiomatic derivation systems. Hilbert- 
type derivation systems for many modal logics are relatively easy 
to construct: they are simple as objects of metatheoretical study 
(e.g., to prove soundness and completeness). However, they are 
much harder to use to prove formulas in than, say, natural deduc- 
tion systems. 

In Hilbert-type derivation systems, a derivation of a formula is 
a sequence of formulas leading from certain axioms, via a handful 
of inference rules, to the formula in question. Since we want the 
derivation system to match the semantics, we have to guarantee 


38 


CHAPTER 3. AXIOMATIC DERIVATIONS 39 


that the set of derivable formulas are true in all models (or true in 
all models in which all axioms are true). We'll first isolate some 
properties of modal logics that are necessary for this to work: the 
“normal” modal logics. For normal modal logics, there are only 
two inference rules that need to be assumed: modus ponens and 
necessitation. As axioms we take all (substitution instances) of 
tautologies, and, depending on the modal logic we deal with, a 
number of modal axioms. Even if we are just interested in the 
class of all models, we must also count all substitution instances 
of K and Dual as axioms. This alone generates the minimal nor- 
mal modal logic K. 


Definition 3.1. The rule of modus ponens is the inference schema 


A AB 


B MP 


We say a formula B follows from formulas A, C by modus ponens 
iff C=A—B. 


Definition 3.2. The rule of necessitation is the inference schema 


A 
nA NEC 


We say the formula B follows from the formulas A by necessitation 
iff B=0A. 


Definition 3.3. A derivation from a set of axioms 2 is a sequence 
of formulas B,, Bo, ..., B,, where each B; is either 


1. a substitution instance of a tautology, or 
2. a substitution instance of a formula in 2, or 


3. follows from two formulas B;, By, with 7, k < i by modus 
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ponens, or 
4. follows from a formula B; with 7 < i by necessitation. 


If there is such a derivation with B, = A, we say that A is derivable 
from X, in symbols X + A. 


With this definition, it will turn out that the set of derivable 
formulas forms a normal modal logic, and that any derivable for- 
mula is true in every model in which every axiom is true. This 
property of derivations is called soundness. The converse, com- 
pleteness, is harder to prove. 


3.2 Normal Modal Logics 


Not every set of modal formulas can easily be characterized as 
those formulas derivable from a set of axioms. We want modal 
logics to be well-behaved. First of all, everything we can derive in 
classical propositional logic should still be derivable, of course 
taking into account that the formulas may now contain also O 
and ©. To this end, we require that a modal logic contain all 
tautological instances and be closed under modus ponens. 


Definition 3.4. A modal logic is a set Y of modal formulas which 
1. contains all tautologies, and 


2. is closed under substitution, i.e., if A €¢ 2, and Dj,..., Dy 
are formulas, then 


A[D,/fi.. ‘ ig] fy pe 


3. is closed under modus ponens, i.e., if Aand A— B € X, then 
Bed. 


In order to use the relational semantics for modal logics, we 
also have to require that all formulas valid in all modal models are 
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included. It turns out that this requirement is met as soon as all 
instances of K and DUAL are derivable, and whenever a formula A 
is derivable, so is 0A. A modal logic that satisfies these conditions 
is called normal. (Of course, there are also non-normal modal 
logics, but the usual relational models are not adequate for them.) 


Definition 3.5. A modal logic 2 is normal if it contains 


O(p > q) > (Op > 09), (K) 
ope 707p (DUAL) 


and is closed under necessitation, i.e., if A € X, then OA € ». 


Observe that while tautological implication is “fine-grained” 
enough to preserve truth at a world, the rule NEC only preserves 
truth in a model (and hence also validity in a frame or in a class 
of frames). 


Proposition 3.6. Every normal modal logic is closed under rule RK, 


Ai a A) 


mest Sone 


Proof. By induction on n: If n = 1, then the rule is just NEC, and 
every normal modal logic is closed under NEC. 
Now suppose the result holds for n—1; we show it holds for n. 
Assume 


Ay > (Ag > +++ (An-1 2 An) +++) ex 
By the induction hypothesis, we have 
OA; > (OAg > --- O(An-1 — An) ---) es 


Since 2 is a normal modal logic, it contains all instances of K, 
in particular 


O(An-1 — An) > (GAn-1 7 OAn) € XY 
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Using modus ponens and suitable tautological instances we get 
OA; > (OAg > --- (GAn-1 > OA,)---) EY. O 


Proposition 3.7. Every normal modal logic X contains 3}. 


Proposition 3.8. Let Ai, ..., An be formulas. Then there is a small- 
est modal logic X containing all instances of Ay, ..., An. 


Proof. Given Aj, ..., An, define & as the intersection of all nor- 


mal modal logics containing all instances of Aj, ..., An. The 
intersection is non-empty as Frm(), the set of all formulas, is 
such a modal logic. Oo 


Definition 3.9. The smallest normal modal logic containing A}, 
.., Ay is called a modal system and denoted by KA; ...A,. The 
smallest normal modal logic is denoted by K. 


3-3 Derivations and Modal Systems 


We first define what a derivation is for normal modal logics. 
Roughly, a derivation is a sequence of formulas in which every 
element is either (a substitution instance of) one of a number of 
axioms, or follows from previous elements by one of a few infer- 
ence rules. For normal modal logics, all instances of tautologies, 
K, and DUAL count as axioms. This results in the modal sys- 
tem K, the smallest normal modal logic. We may wish to add 
additional axioms to obtain other systems, however. The rules 
are always modus ponens MP and necessitation NEC. 


Definition 3.10. Given a modal system KA)... A, and a for- 
mula B we say that B is derivable in KA,...A,, written 
KA,...A, + B, if and only if there are formulas C, ..., Cz such 
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that C, = B and each C; is either a tautological instance, or an 
instance of one of K, DUAL, Aj, ..., An, or it follows from previous 
formulas by means of the rules MP or NEC. 


The following proposition allows us to show that B « X by 
exhibiting a 2-derivation of B. 


Proposition 3.11. KA;...4, ={B:KA,...An+ B}. 


Proof. We use induction on the length of derivations to show that 
{B:KA,...Ay + B} C KA... Ay. 

If the derivation of B has length 1, it contains a single formula. 
That formula cannot follow from previous formulas by MP or NEC, 
so must be a tautological instance, an instance of K, DUAL, or an 
instance of one of Aj, ..., A4,. But KA,...A, contains these as 
well, so B € KA]... Ay. 

If the derivation of B has length > 1, then B may in addition 
be obtained by mp or NEC from formulas not occurring as the last 
line in the derivation. If B follows from C' and C—B (by mp), then 
C and C > B € K4A)...A, by induction hypothesis. But every 
modal logic is closed under modus ponens, so B € KA}... An. If 
B =U follows from C' by NEC, then C € KA)... A, by induction 
hypothesis. But every normal modal logic is closed under NEC, 
so Be KA... An. 

The converse inclusion follows by showing that Y = {B : 
K4,...A, + B} is a normal modal logic containing all the in- 
stances of Aj, ..., A,, and the observation that KA; ...A, is, by 
definition, the smallest such logic. 


1. Every tautology B is a_ tautological instance, so 
KA, ...A, + B, so X contains all tautologies. 


2. If KA,...4, + C and KA,...4, + C — B, then 
KA,...A, + B: Combine the derivation of C with that 
of C — B, and add the line B. The last line is justified by 
MP. So & is closed under modus ponens. 
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3. If B has a derivation, then every substitution instance of B 
also has a derivation: apply the substitution to every for- 
mula in the derivation. (Exercise: prove by induction on the 
length of derivations that the result is also a correct deriva- 
tion). So X is closed under uniform substitution. (We have 
now established that 2 satisfies all conditions of a modal 
logic.) 


4. We have KA,...A,+ K, so K € 2. 
5. We have KA ...A, + DUAL, SO DUAL € Y. 


6. If KA,...A, + C, the additional line OC is justified by NEC. 
Consequently, X is closed under NEC. Thus, » is normal. 
O 


3.4 Proofs in K 


In order to practice proofs in the smallest modal system, we show 
the valid formulas on the left-hand side of ‘Table 1.1 can all be 
given K-proofs. 


Proposition 3.12. K+ 0A > oO(B — A) 


Proof. 

1. A> (B-A) TAUT 

2. O(A>(B-A)) NEC, 1 

3. O(A>(B>A)) > (GA>O(B-A)) K 

4. OA—>O(B- A) MP, 2, 3 Oo 


Proposition 3.13. K+ O(4 A B) > (GAA OB) 


Proof. 
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10. 


11. 


CON ANP Hw NYP 


(AA B)7-A 
O((A A B) > A) 
o((A A B) = A) > (O(A A B) > A) 
o(AA B)—> 0A 
(AA B)->B 
O((A A B) > B) 
Oo((A A B) > B) > (G(AA B) > OB) 
o(A A B) > OB 
(a(A A B) > A) > 
((a(A A B) > OB) > 
(a(A A B) > (0A AB))) 
(a(A A B) > oB) > 
(a(A A B) > (OA A B)) 
Oo(A A B) > (GA ADB) 
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TAUT 
NEC 
K 
MP, 2, 3 
TAUT 
NEC 

K 
MP, 6, 7 


TAUT 


MP, 4, 9 
MP, 8, 10. 


Note that the formula on line 9 is an instance of the tautology 


Gog (pono dan) Oo 


Proposition 3.14. K+ (G4 A 0B) > O(AA B) 


Proof. 


Ou ae: 


10. 


A> (B-(AAB)) 
o(A > (B— (AA B))) 


OVA > (B> (AA B))) > (GA > O(B>(AAB))) K 


nA—>o(B— (AA B)) 
oO(B > (AA B)) > (GB > O(AA B)) 
(oA > O(B > (AA B))) > 


(o(B > (AA B)) > (OB 3 0(AA B))) > 


(oA > (OB > 0(A A B)))) 


(OA > (OB > O(A A B))) 
oA > (OB > oO(A A B))) 

(oA > (GAB > O(AAB)))) > 
((GA ADB) > (A A B)) 
(OA AOB) > 0(A A B) 


(o(B > (AA B)) > (OB 3 o(AA B))) > 
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The formulas on lines 6 and 9 are instances of the tautologies 


Pon (G>r)Se >) 
(po (q>r)) > ((PAgQ—7) Oo 


Proposition 3.15. K+ =0f — O-p 


Proof. 
1. Onp@ 7077p DUAL 
2. (Onp o a0-7p) > 
(3077p > 7p) TAUT 
3. AO4p > Onp MP, 1, 2 
4. a1p>p TAUT 
5. O(>7p > p) NEC, 4 
6. O(a7p > p) > (O-7p > Of) K 
7. (O-7p > Of) MP, 5, 6 
8. (O-7p > Of) > (-0f — 70-7) TAUT 
9. 7WOp—- 7O-7p MP, 7, 8 
10. (7-0f — 70-7) > 
((AD=7p > Onp) > (ADP Onp))  TAUT 
11. (-O-7f > O7f) > (-0p > O79) MP, g, 10 
12. 7AOp—-On7p MP, 3, 11 


The formulas on lines 8 and 10 are instances of the tautologies 


(p= ¢) > -e— 7p) 
(pog-(q>rn- (po 7r)). Oo 


3.5 Derived Rules 


Finding and writing derivations is obviously difficult, cumber- 
some, and repetitive. For instance, very often we want to pass 
from A— B to OA > OB, ie., apply rule RK. That requires an 
application of NEC, then recording the proper instance of K, then 
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applying Mp. Passing from A — B and B > C to A— C requires 
recording the (long) tautological instance 


(A> B) > ((B>C€) > (A> C)) 


and applying Mp twice. Often we want to replace a sub-formula 
by a formula we know to be equivalent, e.g., ©A by =0-—A, or 
aA by A. So rather than write out the actual derivation, it is 
more convenient to simply record why the intermediate steps are 
derivable. For this purpose, let us collect some facts about deriv- 
ability. 


Proposition 3.16. JfK + Aj,..., K+ An, and B follows from Aj, 
..-5 An by propositional logic, then K + B. 


Proof. If B follows from Aj, ..., A, by propositional logic, then 
A > (A, > +++ (An > B)...) 


is a tautological instance. Applying Mp n times gives a derivation 
of B. oO 


We will indicate use of this proposition by PL. 


Proposition 3.17. [f/K + 41 > (Az > -+- (An-1 > An)...) then 
Kt GA, > (O49 > --- (GA,-1 > OA,)...). 


Proof. By induction on 2, just as in the proof of Proposition 3.6.0 


We will indicate use of this proposition by RK. Let’s illustrate 
how these results help establishing derivability results more eas- 


ily. 
Proposition 3.18. K+ (G4 A 0B) > O(AA B) 
Proof. 


1 KtA->(B-(AAB)) TAUT 
2, KrodA>(oB->O(AAB))) RK,1 
3. Kt (OAAOB) > O(AA B) PL, 2 Oo 
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Proposition 3.19. J/K + A@BandK + C[A/q] then K + 
C|B/q] 


Proof. Exercise. Oo 


This proposition comes in handy especially when we want 
to convert © into O (or vice versa), or remove double nega- 
tions inside a formula. In what follows, we will mark applica- 
tions of Proposition 3.19 by “A for B” whenever we re-write a for- 
mula C(B) for C(A). In other words, “A for B” abbreviates: 


+ C(A) 
-A@oB 
+ C(B) by Proposition 3.19 


For instance: 


Proposition 3.20. K+ -Op — O-7p 


Proof. 


1. K+ O7pe@-70-7f DUAL 
2. Kt-0-7p>oO-7p PL,1 
3. Kt -0p—> o-p p for =7p Oo 


In the above derivation, the final step “p for —=” is short for 


Kr 7077p - Onp 
K+ -7-pop TAUT 
Kt -0f > o-7p by Proposition 3.19 


The roles of C(q), A, and B in Proposition 3.19 are played here, 
respectively, by -Og — O-p, =7, and p. 

When a formula contains a sub-formula =A, we can replace 
it by O-A using Proposition 3.19, since K + OA @ O7A. We'll 
indicate this and similar replacements simply by “O- for =©.” 

The following proposition justifies that we can establish deriv- 
ability results schematically. E.g., the previous proposition does 
not just establish that K + =Op — 79, but K+ =0A > O-A for 
arbitrary A. 
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Proposition 3.21. [f A is a substitution instance of B and K + B, 
then Kt A. 


Proof. It is tedious but routine to verify (by induction on the 
length of the derivation of B) that applying a substitution to 
an entire derivation also results in a correct derivation. Specif- 
ically, substitution instances of tautological instances are them- 
selves tautological instances, substitution instances of instances 
of DUAL and K are themselves instances of DUAL and K, and appli- 
cations of Mp and NEC remain correct when substituting formulas 
for propositional variables in both premise(s) and conclusion. 0 


3.6 More Proofs in K 


Let’s see some more examples of derivability in K, now using the 
simplified method introduced in section 3.5. 


Proposition 3.22. K+ 0(A—> B) > (OA OB) 


Proof. 

1.9 K+ (A-B)->(-AB-—WA) PL 

2. Kto(A— B) > (048 > 2A) RK, 1 

3. Kt (OnB>O-74A) > (-0-A—>-0-8B) TAUT 

4. Kta(éA- B) > (-0->/4 > -=0-B) PL, 2, 3 

5. K+ro(A>B) > (A> OB) © for =0-, Oo 


Proposition 3.23. K+ 04 > (O(4A— B) > OB) 


Proof. 


K+ A-(AB—>-—7(A—- B)) TAUT 
K+ oA- (O74B > o-7(A > B)) RK, 1 
K+ oA-> (-0-(A—> B) > 7-0-8) PL,2 
K+ oA—> (0(A—> B) > OB) © for 0-7, Oo 


SN 
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Proposition 3.24. K+ (OAV OB) > O(AV B) 


Proof. 

1. Kt-7A(AvB)—-7A TAUT 

2. Kton(Av B)>o-7A RK, 1 

3. Kt and —-> -0-(A Vv B) PL, 2 

4. KtFOA> O(AVB) © for =O0- 

5. KtOB> O(AVB) similarly 

6 K+FE(SAVOB) > O(AVB) PL, 4, 5. o 


Proposition 3.25. K+ O(AV B) > (OAV OB) 


Proof. 

1. K+taAd> (AB -(AV B) TAUT 

2. KtrondA-> (o4B>o-7(AV B) RK 

3. K+tondA- (-0-(4V B) > =0-8)) PL, 2 

4. Kt -70-(A V B) > (074A > 70-8) PL, 3 

5. Kt-ao-(AV B) > (-70-B > 707A) PL, 4 

6. K+tO(AVB) > (A0B—> OA) © for =0- 

7, KrEO(AVB) > (OBV OA) PL, 6. Oo 


3.7. Dual Formulas 


Definition 3.26. Each of the formulas T, B, 4, and 5 has a dual, 
denoted by a subscripted diamond, as follows: 


prop (To) 
yap p (Bo) 
Oop > Op (49) 


Oop — Op (59) 


CHAPTER 3. AXIOMATIC DERIVATIONS 51 


Each of the above dual formulas is obtained from the corre- 
sponding formula by substituting —p for p, contraposing, replac- 
ing =0- by 9, and replacing -0- by 0. D, i-e., OA > OA is its 
own dual in that sense. 

3.8 Proofs in Modal Systems 


We now come to proofs in systems of modal logic other than K. 


Proposition 3.27. The following provability results obtain: 
7. KT5+ B; 
2. KT5+ 4; 
3. KDB4+ T; 
4. KB4+t 5; 
5. KB5+ 4; 
6. KT+ D. 
Proof. We exhibit proofs for each. 
1. KT5+ B: 


1. KT5+OA—>00A 5 
2. KT5+A-OA To 
3. KT5+A—>O0OA PL. 


2. KT5+ 4: 


KT5+ O60oA—o000A 5with DA for p 
KT5+ 04A— o0A To with OA for p 
KT5+ 04-0004 PL, 1, 2 

KT5+ ¢o4—-04 55 
KT5+oO00A—004_ RK, 4 
KT5+o0A—>004 PL, 3, 5. 


Ane wo YP 
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3. KDB4+ T: 
1. KDB4+ ¢o0A—-A Bo 
2. KDB4+00A—>o04A D with OA for p 
3. KDB4'+o00A—A4 PLI, 2 
4. KDB4+o04— 004 4 
5. KDB4+04A—A4 PL, 1, 4. 
4. KB4+ 5 
1. KB4+ O0A—>000A _ B with OA for p 
2. KB4+ 60A—> OA 46 
3. KB4+000A—00A RK, 2 
4. KB4+ OA—>O0A PL, 1, 3. 
5. KB5+ 4 
1. KB5+o4—0004 _ BwithDA for p 
2. KB5+ ooA—>oA 55 
3. KB5+oO00A—oO04 RK, 2 
4. KB5+o0A—0o00A4 PL, 1, 3. 
6. KT + D: 
1. KT+oA-A T 
2. KT+A->oOA To 
3. KT+oOA4->0OA ?PL1,2 oO 


Definition 3.28. Following tradition, we define S4 to be the sys- 
tem KT4, and S5 the system KTB4. 


The following proposition shows that the classical system S5 
has several equivalent axiomatizations. This should not surprise, 
as the various combinations of axioms all characterize equiva- 
lence relations (see Proposition 2.12). 
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Proposition 3.29. KTB4 = KT5 = KDB4 = KDB5. 


Proof. Exercise. Oo 


3.9 Soundness 


A derivation system is called sound if everything that can be de- 
rived is valid. When considering modal systems, i.e., derivations 
where in addition to K we can use instances of some formulas Aj, 
..., An, we want every derivable formula to be true in any model 
in which Aj, ..., A, are true. 


Theorem 3.30 (Soundness Theorem). Jf every instance of Aj, 

.., An is valid in the classes of models 61, ..., Gn, respectively, 
then KA, ...A, + B implies that B is valid in the class of models 
G1 0-+-ANECn. 


Proof. By induction on length of proofs. For brevity, put 6 = 
C1 N++°1Gy. 


1. Induction Basis: If B has a proof of length 1, then it is either 
a tautological instance, an instance of K, or of DUAL, or an 
instance of one of Aj, ..., A,. In the first case, B is valid 
in %, since tautological instance are valid in any class of 
models, by Proposition 1.16. Similarly in the second case, 
by Proposition 1.19 and Proposition 1.20. Finally in the 
third case, since B is valid in 6; and 6 C %;, we have that 
B is valid in 6 as well by Proposition 1.12. 


2. Inductive step: Suppose B has a proof of length k > 1. 
If B is a tautological instance or an instance of one of Aj, 
..., An, we proceed as in the previous step. So suppose B is 
obtained by mp from previous formulas C'— B and C.. Then 
C — B and C have proofs of length < k, and by inductive 
hypothesis they are valid in 6. By Proposition 1.21, B is 
valid in @ as well. Finally suppose B is obtained by NEC 
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from C (so that B = OC). By inductive hypothesis, C is 
valid in @, and by Proposition 1.13 so is B. Oo 


3.10 Showing Systems are Distinct 


In section 3.8 we saw how to prove that two systems of modal 
logic are in fact the same system. Theorem 3.30 allows us to 
show that two modal systems X and 2’ are distinct, by finding 
a formula A such that 2’ + A that fails in a model of 2. 


Proposition 3.31. KD C KT 


Proof. This is the syntactic counterpart to the semantic fact that 
all reflexive relations are serial. To show KD C KT we need 
to see that KD + B implies KT + B, which follows from KT + 
D, as shown in Proposition 3.27(6). To show that the inclusion 
is proper, by Soundness (Theorem 3.30), it suffices to exhibit a 
model of KD where T, i.e., Op — #, fails (an easy task left as an 
exercise), for then by Soundness KD ¥ Op — p. Oo 


Proposition 3.32. KB # K4. 


Proof. We construct a symmetric model where some instance of 
4 fails; since obviously the instance is derivable for K4 but not in 
KB, it will follow K4 ¢ KB. Consider the symmetric model M of 
Figure 3.1. Since the model is symmetric, K and B are true in M 
(by Proposition 1.19 and Theorem 2.1, respectively). However, 
M,w ¥ Of > of. oO 


Theorem 3.33. KTB ¥ 4 and KTB¥ 5. 


Proof. By Theorem 2.1 we know that all instances of T and B 
are true in every reflexive symmetric model (respectively). So by 
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7p p 
Oo. © 
“x___ESEOe 
I Op Op 

¥ Oop 


Figure 3.1: A symmetric model falsifying an instance of 4. 


soundness, it suffices to find a reflexive symmetric model contain- 
ing a world at which some instance of 4 fails, and similarly for 5. 
We use the same model for both claims. Consider the symmetric, 
reflexive model in Figure 3.2. Then M,w ¥ Op — Of, so 4 fails 
at w. Similarly, M,w. * O=p > 00-9, so the instance of 5 with 
A= 7p fails at wo. Oo 


omen: 
Go: © © 


+ Op It Onp 
¥* oop KK OOn4p 
K Onp 


Figure 3.2: The model for Theorem 3.33. 


Theorem 3.34. KD5 + KT4 = S4. 


Proof. By ‘Theorem 2.1 we know that all instances of D and 5 
are true in all serial euclidean models. So it suffices to find a 
serial euclidean model containing a world at which some instance 
of 4 fails. Consider the model of Figure 3.3, and notice that 
M,w, -¥ Of > of. Oo 
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I Of, ¥ Oop 


Figure 3.3: The model for Theorem 3.34. 


3.11 Derivability from a Set of Formulas 


In section 3.8 we defined a notion of provability of a formula in 
a system 2. We now extend this notion to provability in XY from 
formulas in a set I’. 


Definition 3.35. A formula A is derivable in a system X from a 
set of formulas I’, written [+ y A if and only if there are By, ..., 
B, € I such that XY + By — (By > ---(By, — A)---). 


3.12 Properties of Derivability 


Proposition 3.36. Let X be a modal system and I a set of modal 
formulas. The following properties hold: 


1. Monotonicity: fT ty AandI CA thenAts A; 
2. Reflexivity: fA ¢ I thenI ts A; 


3. Cut: fl +s Aand AU {A} ts B then UAts B; 
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4. Deduction theorem: [U{B} tx A ifand only if ts BA; 


5. [ ty Ay and...andI ty A, and Ay — (Ag > -:- (An > 
B)---) is a tautological instance, thenI' ty B. 


The proof is an easy exercise. Part (5) of Proposition 3.36 
gives us that, for instance, if ts AV Band ts -—A, then 
I’ ty B. Also, in what follows, we write [,A ty B instead of 
TU {A} ty B. 


Definition 3.37. A set I’ is deductively closed relatively to a sys- 
tem 2 if and only if 7 +s A implies A € I. 


3.13 Consistency 


Consistency is an important property of sets of formulas. A set 
of formulas is inconsistent if a contradiction, such as L, is deriv- 
able from it; and otherwise consistent. If a set is inconsistent, its 
formulas cannot all be true in a model at a world. For the com- 
pleteness theorem we prove the converse: every consistent set is 
true at a world in a model, namely in the “canonical model.” 


Definition 3.38. A set I’ is consistent relatively to a system » or, 
as we will say, X-consistent, if and only if [ ¥s LL. 


So for instance, the set {O(p — ¢),0,-=0@} is consistent rela- 
tively to propositional logic, but not K-consistent. Similarly, the 
set {Op,00p — q,7q} is not K5-consistent. 


Proposition 3.39. Let I be a set of formulas. Then: 


1. I is X-consistent if and only if there is some formula A such that 
I ¥y A. 


2. [ty A if and only if U {7A} is not X -consistent. 


CHAPTER 3. AXIOMATIC DERIVATIONS 58 


3. fT is X-consistent, then for any formula A, either I U {A} is 
 -consistent or I U {=A} is d -consistent. 


Proof. These facts follow easily using classical propositional logic. 
We give the argument for (3). Proceed contrapositively and sup- 
pose neither [ U {A} nor I U {74} is X-consistent. Then by 
(2), both 7,Aty Land /,7Atys 1. By the deduction theorem 
Its A> LandI' ts =A LL. But (A> 1) ((7A—> L) > 1) is 
a tautological instance, hence by Proposition 3.30(5), Pts 1. o 


Problems 

Problem 3.1. Prove Proposition 3.7. 

Problem 3.2. Find derivations in K for the following formulas: 
1. Onp > O(f > q) 
2. (Op VOqg) > Op V 4g) 
3. OP > O(PV 9g) 


Problem 3.3. Prove Proposition 3.19 by proving, by induction 
on the complexity of C, that if K + A B then Kt C[A/q] © 
C[B/q). 


Problem 3.4. Show that the following derivability claims hold: 
1. K+ O71 > (04> 04); 
2. K+ a(Av B) > (CAV OB); 
3. K+ (O¢A4-> 0B) -oO(A— B). 


Problem 3.5. Show that for each formula A in Definition 3.26: 
Kt AacAp. 


Problem 3.6. Prove Proposition 3.29. 
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Problem 3.7. Give an alternative proof of Theorem 3.34 using a 
model with 3 worlds. 


Problem 3.8. Provide a single reflexive transitive model showing 
that both KT4 ¥ B and KT4¥ 5. 


CHAPTER 4 


Completeness 
and Canonical 


Models 


4.1. Introduction 


If X is a modal system, then the soundness theorem establishes 
that if X + A, then A is valid in any class 6 of models in which all 
instances of all formulas in » are valid. In particular that means 
that if K + A then A is true in all models; if KT + A then A is 
true in all reflexive models; if KD + A then A is true in all serial 
models, etc. 

Completeness is the converse of soundness: that K is com- 
plete means that if a formula A is valid, + A, for instance. Prov- 
ing completeness is a lot harder to do than proving soundness. 
It is useful, first, to consider the contrapositive: K is complete iff 
whenever ¥ A, there is a countermodel, i.e., a model M such that 
M ¥ A. Equivalently (negating A), we could prove that whenever 
¥ 7A, there is a model of A. In the construction of such a model, 
we can use information contained in A. When we find models 
for specific formulas we often do the same: e.g., if we want to 
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find a countermodel to p — Og, we know that it has to contain 
a world where f is true and Og is false. And a world where O9 
is false means there has to be a world accessible from it where 
q is false. And that’s all we need to know: which worlds make 
the propositional variables true, and which worlds are accessible 
from which worlds. 

In the case of proving completeness, however, we don’t have 
a specific formula A for which we are constructing a model. We 
want to establish that a model exists for every A such that ks =A. 
This is a minimal requirement, since if ts =A, by soundness, 
there is no model for A (in which 2 is true). Now note that 
ky 7A iff A is X-consistent. (Recall that © ks =A and A ky 1 
are equivalent.) So our task is to construct a model for every 
+ -consistent formula. 

The trick we'll use is to find a 2-consistent set of formulas 
that contains A, but also other formulas which tell us what the 
world that makes A true has to look like. Such sets are complete X- 
consistent sets. It’s not enough to construct a model with a single 
world to make A true, it will have to contain multiple worlds and 
an accessibility relation. The complete 2-consistent set contain- 
ing A will also contain other formulas of the form OB and OC. In 
all accessible worlds, B has to be true; in at least one, C has to be 
true. In order to accomplish this, we'll simply take all possible 
complete 2-consistent sets as the basis for the set of worlds. A 
tricky part will be to figure out when a complete 2-consistent set 
should count as being accessible from another in our model. 

We'll show that in the model so defined, A is true at a world— 
which is also a complete 2-consistent set—iff A is an element of 
that set. If A is X-consistent, it will be an element of at least one 
complete 2-consistent set (a fact we'll prove), and so there will 
be a world where A is true. So we will have a single model where 
every Y-consistent formula A is true at some world. This single 
model is the canonical model for 2. 
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4.2 Complete 2-Consistent Sets 


Suppose 2 is a set of modal formulas—think of them as the 
axioms or defining principles of a normal modal logic. A set 
I is S-consistent iff [ ¥y L, ie., if there is no derivation 
of A; > (Ap > --: (A,  L)...) from 2, where each A; € I. 
We will construct a “canonical” model in which each world is 
taken to be a special kind of 2-consistent set: one which is not 
just 2'-consistent, but maximally so, in the sense that it settles the 
truth value of every modal formula: for every A, either A € I’ or 
“AeTr: 


Definition 4.1. A set I is complete X-consistent if and only if it is 
2'-consistent and for every A, either A¢ I or =A eT. 


Complete 2-consistent sets / have a number of useful prop- 
erties. For one, they are deductively closed, i.e., if [ +s A then 
A ¢€ I. This means in particular that every instance of a for 
mula A € & is also € I’. Moreover, membership in I’ mirrors the 
truth conditions for the propositional connectives. This will be 
important when we define the “canonical model.” 


Proposition 4.2. Suppose I’ is complete X -consistent. Then: 
1. I’ is deductively closed in X. 
a 2 CIF. 
R Ler 
4. AAET ifand only ifA€T. 
5 ANBET iffAETl andBeT 
CAVBer iy Ae or Be 


7a ee ay Ae iron Eee ve 
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Proof. 1. Supposel’ +s Abut A ¢ I. Then since I is complete 
-consistent, =A € I. This would make I inconsistent, 
since A,nAty LL. 


2. If Ae thenl ty A, and A€ TI by deductive closure, i.e., 
case (1). 


3. If L el, then ts 1, so I would be 2-inconsistent. 


4. If =A € I, then by consistency A ¢ I; and if A ¢ I then 
AéT since I is complete 2-consistent. 


5. Exercise. 


6. Suppose AVBeT,andA¢I and B¢T. Since I is com- 
plete X-consistent, -A ¢ [and =B ¢ I. Then =(AVB) € I 
since ~A— (=B—-(AV B)) is a tautological instance. This 
would mean that I is 2’-inconsistent, a contradiction. 


7. Exercise. 


4.3 Lindenbaum’s Lemma 


Lindenbaum’s Lemma establishes that every 2-consistent set of 
formulas is contained in at least one complete X-consistent set. 
Our construction of the canonical model will show that for each 
complete »-consistent set 4, there is a world in the canonical 
model where all and only the formulas in 4 are true. So Linden- 
baum’s Lemma guarantees that every 2-consistent set is true at 
some world in the canonical model. 


Theorem 4.3 (Lindenbaum’s Lemma). Jf [is %-consistent 
then there is a complete X -consistent set A extending I’. 


Proof. Let Ao, Ai, .... be an exhaustive listing of all formulas 
of the language (repetitions are allowed). For instance, start by 
listing po, and at each stage n > 1 list the finitely many formulas 
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of length n using only variables among fp, ..., Py. We define sets 
of formulas 4, by induction on n, and we then set 4 = U, 4n. We 
first put 49 = 7. Supposing that 4, has been defined, we define 
Ans by: 


Aa = A,U{An}, if 4, U{A,} is »-consistent; 
— A, U{AA,}, otherwise. 


Now let 4 = UP An. 

We have to show that this definition actually yields a set 4 
with the required properties, ie.,  C A and A is complete 2- 
consistent. 

It’s obvious that  C A, since 4p C A by construction, and 
Ay =I. In fact, 4, C A for all n, since 4 is the union of all 4p. 
(Since in each step of the construction, we add a formula to the 
set already constructed, 4, € 4n41, so since C is transitive, 4, C 
Am Whenever n < m.) At each stage of the construction, we either 
add A, or =A,, and every formula appears (at least once) in the 
list of all A,. So, for every A either A € 4 or 7A € J, so A is 
complete by definition. 

Finally, we have to show, that 4 is 2-consistent. To do this, 
we show that (a) if 4 were 2 -inconsistent, then some 4, would 
be 2-inconsistent, and (b) all 4, are +-consistent. 

So suppose 4 were 2 -inconsistent. Then 4+ 5 1, i.e., there 
are Ay, ..., Ay € A such that XY + Ay > (Ag > --- (Ap L)...). 
Since 4 = UP) An, each A; € An, for some n;. Let n be the largest 
of these. Since n; < n, In, © An. So, all A; are in some 4,. This 
would mean 4, ty 1, ie., 4, is d'-inconsistent. 

To show that each 4, is X-consistent, we use a simple induc- 
tion on n. Ap = I, and we assumed I was 2-consistent. So 
the claim holds for n = 0. Now suppose it holds for n, ie., 4, 
is X-consistent. 4,41 is either 4, U {A,} if that is 2-consistent, 
otherwise it is 4, U {4A,}. In the first case, 4n41 is clearly 2- 
consistent. However, by Proposition 3.39(3), either 4, U {A,} or 
A, U {AA,} is consistent, so 4,41 is consistent in the other case 
as well. Oo 
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Corollary 4.4. [ ts A ifand only if A € A for each complete X - 
consistent set A extending I’ (including when I = 0, in which case we 
get another characterization of the modal system .) 


Proof. Suppose I ts A, and let 4 be any complete X-consistent 
set extending I’. If A ¢ A then by maximality =A € J and so 
A ty A (by monotonicity) and 4 ts =A (by reflexivity), and 
so A is inconsistent. Conversely if [ ¥s A, then [ U {=A} is 
2 -consistent, and by Lindenbaum’s Lemma there is a complete 
consistent set 4 extending [ U {=A}. By consistency, A¢ A. O 


4.4 Modalities and Complete Consistent 
Sets 


When we construct a model M~* whose set of worlds is given by 
the complete 2-consistent sets 4 in some normal modal logic 2, 
we will also need to define an accessibility relation R~ between 
such “worlds.” We want it to be the case that the accessibility 
relation (and the assignment V~) are defined in such a way that 
M~*,At A iff A € A. How should we do this? 

Once the accessibility relation is defined, the definition of 
truth at a world ensures that M*,4 + OA iff M*,/’ + A for 
all A’ such that R* AA’. The proof that M*,A t A iff A € A 
requires that this is true in particular for formulas starting with 
a modal operator, i.e., M*,/ + OA iff OA € A. Combining this 
requirement with the definition of truth at a world for OA yields: 


OA € A iff A € J’ for all 4’ with R* Ad’ 


Consider the left-to-right direction: it says that if OA € A, then 
A € A’ for any A and any 4’ with R* 44’. If we stipulate that 
R* AA’ iff A € A’ for all OA € A, then this holds. We can write 
the condition on the right of the “iff? more compactly as: {A : 
pAe ACM. 
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So the question is: does this definition of R~ in fact guarantee 
that OA € A iff M~,/ + OA? Does it also guarantee that OA € 4 
iff M* ,4 + }A? The next few results will establish this. 


Definition 4.5. If I’ is a set of formulas, let 


of ={oB:BeTl} 
OF ={OB:BeT)T} 


and 


ofr ={B:oBeTr} 
Our ={B: OoBeT} 


In other words, OF is 7 with O in front of every formula in I; 
o7!F is all the o’ed formulas of IF with the initial 0’s removed. 
This definition is not terribly important on its own, but will sim- 
plify the notation considerably. 

Note that oor CT: 


oo fr = {oB:oBeT} 
i.e., it’s just the set of all those formulas of I that start with O. 


Lemma 4.6. [fT ty A thenOl' ty OA. 


Proof. If [ ts A then there are Bi, ..., By € TF such that Y + 
B, — (By > --:(B, > A)---). Since X is normal, by rule RK, 
+ + OB, > (OB, > --- (OB, — OA)---), where obviously 08, 
..., OB, € OF. Hence, by definition, O7 +s OA. Oo 


Lemma 4.7. fol ty A then ty OA. 


Proof. Suppose O-1T ty A; then by Lemma 4.6, OOF + OA. 
But since OO 1F CT, also [ ty OA by monotonicity. o 
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Proposition 4.8. [fT is complete X -consistent, thenOA € I if and 
only if for every complete X -consistent A such that‘ C A, it holds 
that A€ A. 


Proof. Suppose I is complete X-consistent. The “only if” direc- 
tion is easy: Suppose OA € I and that C Z. Since OA ET, 
Aen" lcd, soAe A. 

For the “if” direction, we prove the contrapositive: Suppose 
OA ¢ I. Since I is complete 2-consistent, it is deductively 
closed, and hence [ ¥y OA. By Lemma 4.7, OW ¥s A. By 
Proposition 3.39(2), or U {=A} is Y-consistent. By Linden- 
baum’s Lemma, there is a complete X-consistent set 4 such that 
ofr U {34} € A. By consistency, A ¢ A. oO 


Lemma 4.9. Suppose I and A are complete X-consistent. Then 
or CA ifand only ifOA CT. 


Proof. “Only if” direction: Assume 0-1 € A and suppose OA € 
OA (ie., A € A). In order to show OA € IJ, it suffices to show 
o-A ¢ TJ, for then by maximality, -0—A € I’. Now, if O74 € T° 
then by hypothesis =A € A, against the consistency of 4 (since 
A c€ A). Hence O-A ¢ I, as required. 

“If” direction: Assume 4 C I’. We argue contrapositively: 
suppose A ¢ 4 in order to show OA ¢ I. If A ¢ JA then by 
maximality =A € J and so by hypothesis ©-=A € I. But ina 
normal modal logic ©—=A is equivalent to =O, and if the latter 
is in I’, by consistency 04 ¢ I, as required. Oo 


Proposition 4.10. [fT is complete X -consistent, then >A € T ifand 
only if for some complete X-consistent A such that OA CT, it holds 
that A€ A. 


Proof. Suppose I" is complete -consistent. OA € I iff s0-A € T 
by puAL and closure. =0-A € I iff 4A ¢ I by Proposition 4.2(4) 
since I’ is complete X-consistent. By Proposition 4.8, OAA ¢ 
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iff, for some complete Y-consistent 4 with O-1F ¢C A, AA ¢ A. 
Now consider any such 4. By Lemma 4.9, 011 € Aiff O4 CT. 
Also, =A ¢ 4 iff A € A by Proposition 4.2(4). So OA € T iff, for 
some complete 2-consistent 4 with O4 CT, Ae J. Oo 


4.5 Canonical Models 


The canonical model for a modal system ¥ is a specific model M~ 
in which the worlds are all complete 2’-consistent sets. Its acces- 
sibility relation R* and valuation V~ are defined so as to guar- 
antee that the formulas true at a world A are exactly the formulas 
making up 4. 


Definition 4.11. Let X be a normal modal logic. The canonical 
model for © is M~ = (W* ,R* ,V~), where: 
1. W~ ={A: A is complete X-consistent}. 


2. R* AA’ holds if and only if o714 € 4’. 


3. V*(p) ={4: pe A}. 


4.6 The Truth Lemma 


The canonical model M* is defined in sucha way that M*,AHA 
iff A € A. For propositional variables, the definition of V~ yields 
this directly. We have to verify that the equivalence holds for all 
formulas, however. We do this by induction. The inductive step 
involves proving the equivalence for formulas involving proposi- 
tional operators (where we have to use Proposition 4.2) and the 
modal operators (where we invoke the results of section 4.4). 


Proposition 4.12 (Truth Lemma). For every formula _ A, 
M*,At- A ifand only if A € A. 


Proof. By induction on A. 
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1. A=1: M*,A 1 by Definition 1.7, and 1 ¢ A by Propo- 
sition 4.2(3). 


2. A=p: M*,At p iff 4 € V*(p) by Definition 1.7. Also, 
A €V~(p) iff p € A by definition of V*. 


3. A= 7B: M*,A + AB iff M*,A ¥ B (Definition 1.7) iff 
B ¢ A (by inductive hypothesis) iff =B € A (by Proposi- 
tion 4.2(4)). 


4. A= BAC: Exercise. 


5. A= BVC: M*,At BV C iff M*,A + B or M*, At C (by 
Definition 1.7) iff B € A or C € A (by inductive hypothesis) 
iff B V C € A (by Proposition 4.2(6)). 


6. A=B—C: Exercise. 


7. A=OB: First suppose that M*,/ + OB. By Definition 1.7, 
for every 4’ such that R* 4A’, M*,A’ + B. By inductive 
hypothesis, for every 4’ such that R* 44’, B € A’. By defi- 
nition of R~, for every 4’ such that 0-14 ¢ 4’, Be A’. By 
Proposition 4.8, OB € 4. 


Now assume OB € 4. Let 4’ € W~ be such that R* AJ’, 
ie., O14 C A’. Since OB € A, B € 0-14. Consequently, 
B € J’. By inductive hypothesis, M*,A’ t B. Since 4’ is 
arbitrary with R* 44’, for all 4’ « W~ such that R* 4d’, 
M* A’ + B. By Definition 1.7, M*,AtrOB. 


8. A= OB: Exercise. Oo 


4-7 Determination and Completeness for K 


We are now prepared to use the canonical model to establish com- 
pleteness. Completeness follows from the fact that the formulas 
true in the canonical model for 2 are exactly the 2-derivable 
ones. Models with this property are said to determine 2. 
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Definition 4.13. A model M determines a normal modal logic 
precisely when M t- A if and only if 2 + A, for all formulas A. 


Theorem 4.14 (Determination). M~ t A ifand only if + A. 


Proof, If M* t A, then for every complete -consistent 4, we 
have M*,4 t A. Hence, by the Truth Lemma, A ¢€ 4 for every 
complete X-consistent 4, whence by Corollary 4.4 (with I = 0), 
2 FA, 

Conversely, if 2 + A then by Proposition 4.2(1), every com- 
plete 2-consistent 4 contains A, and hence by the Truth Lemma, 
M*,At A for every 4 € W*,ie., M* +A. Oo 


Since the canonical model for K determines K, we immedi- 
ately have completeness of K as a corollary: 


Corollary 4.15. The basic modal logic K is complete with respect to 
the class of all models, i.e. ift A thenK + A. 


Proof, Contrapositively, if K ¥ A then by Determination M® # A 
and hence A is not valid. Oo 


For the general case of completeness of a system 2 with re- 
spect to a class of models, e.g., of KTB4 with respect to the class 
of reflexive, symmetric, transitive models, determination alone 
is not enough. We must also show that the canonical model for 
the system X is a member of the class, which does not follow ob- 
viously from the canonical model construction—nor is it always 
true! 


4.8 Frame Completeness 


The completeness theorem for K can be extended to other modal 
systems, once we show that the canonical model for a given logic 
has the corresponding frame property. 
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Theorem 4.16. [fa normal modal logic X contains one of the for- 
mulas on the left-hand side of Table 4.1, then the canonical model for X 
has the corresponding property on the right-hand side. 


If X contains... || ...the canonical model for X is: 
D: OA->OA serial; 

T: oOA-A reflexive; 

B: A—>OOA symmetric; 

4. OA—->oOoOA transitive; 

5: O©A—>00A euclidean. 


Table 4.1: Basic correspondence facts. 


Proof. We take each of these up in turn. 

Suppose ¥ contains D, and let 4 € W~; we need to show that 
there is a 4’ such that R* 44’. It suffices to show that 0714 is 
2 -consistent, for then by Lindenbaum’s Lemma, there is a com- 
plete X-consistent set 4’ 2 O14, and by definition of R~ we 
have R* 4A’. So, suppose for contradiction that 0-14 is not Y- 
consistent, i.e., O14 ty L. By Lemma 4.7, 4+ s O1, and since X 
contains D, also d+s OL. But X is normal, so X + ~OL (Propo- 
sition 3.7), whence also 4 ts AOL, against the consistency of /. 

Now suppose contains T, and let 4 ¢ W~. We want to 
show R* AA, ie... 0-14 C A. But if OA € A then by T also A € JA, 
as desired. 

Now suppose ¥ contains B, and suppose R* Ad’ for 4, 
A’ ¢ W~. We need to show that R* 4’4, ie., O14’ C A. By 
Lemma 4.9, this is equivalent to 64 C A’. So suppose A € A. By 
B, also OOA € A. By the hypothesis that R~ 44’, we have that 
o-14 € A’, and hence OA € 4’, as required. 

Now suppose 2 contains 4, and suppose R* A, Aq and 
R* A2A3. We need to show R* 4,43. From the hypothesis we have 
both O714; € Ag and a7! 4 © As. In order to show R* 41/3 it 
suffices to show 0714; C A3. So let B € O71}, ie., OB € A}. By 
4, also OOB ¢€ 4j and by hypothesis we get, first, that OB € A» 
and, second, that B € 43, as desired. 
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Now suppose » contains 5, suppose R* 414 and R* 4143. 
We need to show R* 443. The first hypothesis gives 0714) C 
Ag, and the second hypothesis is equivalent to O43 C Ag, by 
Lemma 4.9. To show R* 4243, by Lemma 4.9, it suffices to show 
©A3 © Ag. So let OA € OAs, ie., A € 43. By the second hy- 


pothesis >A € 4; and by 5, OOA € 4] as well. But now the first 
hypothesis gives ©A € Ao, as desired. Oo 


As a corollary we obtain completeness results for a number 
of systems. For instance, we know that S5 = KT5 = KTB4 
is complete with respect to the class of all reflexive euclidean 
models, which is the same as the class of all reflexive, symmetric 
and transitive models. 


Theorem 4.17. Let 6p, 6r, 6p, 64, and Gs be the class of all se- 
rial, reflexive, symmetric, transitive, and euclidean models (respectively). 
Then for any schemas Aj, ..., An among D, T, B, 4, and 5, the system 
KA,...A, is determined by the class of models 6 = 64, ---NGa,,- 


Proposition 4.18. Let X be a normal modal logic; then: 


1. If X contains the schema OA — DA then the canonical model 
for & is partially functional. 


2. If X contains the schema A @ OA then the canonical model 
for X is functional. 


3. IfX contains the schema QOA — DA then the canonical model 
for X is weakly dense. 


(see lable 2.2 for definitions of these frame properties). 


Proof. 1. Suppose that X contains the schema OA — DA, to 
show that R* is partially functional we need to prove that 
for any 44, Ao, 43 € W~, if R* 4,49 and R* 41/43 then Ao = 
As. Since R~* 4149 we have 0714; € Ag and since R* 4143 
also O7!4] C As. The identity 49 = 43 will follow if we can 
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establish the two inclusions 49 C 43 and 43 C Ag. For the 
first inclusion, let A € 49; then OA € 4}, and by the schema 
and deductive closure of 4; also OA € 4, whence by the 
hypothesis that R* 4,43, A € A3. The second inclusion is 
similar. 


2. This follows immediately from part (1) and the seriality 
proof in Theorem 4.16. 


3. Suppose X contains the schema 004A — OA and to show 
that R~ is weakly dense, let R* A, Ao. We need to show that 
there is a complete X-consistent set 43 such that R* A143 
and R* A3Ao. Let: 


P= 1A, U Op. 


It suffices to show that I is X-consistent, for then by Lin- 
denbaum’s Lemma it can be extended to a complete 2- 
consistent set 43 such that O7!4; C 43 and O49 C 43, ie., 
R* A143 and R* A349 (by Lemma 4.9). 


Suppose for contradiction that I is not consistent. Then 
there are formulas 04),..., OA, € 4; and By, ..., By € Ao 
such that 


Ay,...,An, OB 1,...,O0Bm ty L. 


Since O(B, A---A Bn) — (OB, A-:: A OB) is derivable 
in every normal modal logic, we argue as follows, contra- 
dicting the consistency of Ao: 


Ay,...,An,OBy,...,O0Bm ky L 
Ay,...,An ty (OBL A+++ A OBn) > 1 
by the deduction theorem 
Proposition 3.36(4), and TAUT 
Ay,...,An ts O(Bi A+++ A Bn) > 1 


since » is normal 
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Aj,...,Ag ky 2O(B A+++ A Bm) 
by PL 
Ay,...,An ty On(By A--+ A Bm) 
O- for = 
OA,,...,0A, ky OO7(By A--- A By) 
by Lemma 4.6 
OA,,...,0Ay ky O7(B, A--- A Bn) 
by schema 004 — OA 
Ay ky O7( By A--+ A By) 
by monotonicity, Proposition 3.36(1) 
O7(B, A---A Bm) € Ay 
by deductive closure; 
a(B, A--+ A Bn) € Ag 


since R* 41 Ap. oO 


On the strength of these examples, one might think that every 
system » of modal logic is complete, in the sense that it proves ev- 
ery formula which is valid in every frame in which every theorem 
of X is valid. Unfortunately, there are many systems that are not 
complete in this sense. 


Problems 

Problem 4.1. Complete the proof of Proposition 4.2. 

Problem 4.2. Show that if [ is complete 2-consistent, then 
©A € TI if and only if there is a complete 2-consistent 4 such 


that OT C A and A€ A. Do this without using Lemma 4.9. 


Problem 4.3. Complete the proof of Proposition 4.12. 


Filtrations and 
Decidability 


5.1 Introduction 


One important question about a logic is always whether it is de- 
cidable, i.e., if there is an effective procedure which will answer 
the question “is this formula valid.” Propositional logic is decid- 
able: we can effectively test if a formula is a tautology by con- 
structing a truth table, and for a given formula, the truth table 
is finite. But we can’t obviously test if a modal formula is true 
in all models, for there are infinitely many of them. We can list 
all the finite models relevant to a given formula, since only the 
assignment of subsets of worlds to propositional variables which 
actually occur in the formula are relevant. If the accessibility re- 
lation is fixed, the possible different assignments V (p) are just all 
the subsets of W, and if |W| = n there are 2” of those. If our 
formula A contains m propositional variables there are then 2”” 
different models with n worlds. For each one, we can test if A is 
true at all worlds, simply by computing the truth value of A in 
each. Of course, we also have to check all possible accessibility 
relations, but there are only finitely many relations on n worlds 
as well (specifically, the number of subsets of W x W, i.e., a 
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If we are not interested in the logic K, but a logic defined by 
some class of models (e.g., the reflexive transitive models), we 
also have to be able to test if the accessibility relation is of the 
right kind. We can do that whenever the frames we are interested 
in are definable by modal formulas (e.g., by testing if T and 4 
valid in the frame). So, the idea would be to run through all 
the finite frames, test each one if it is a frame in the class we’re 
interested in, then list all the possible models on that frame and 
test if A is true in each. If not, stop: A is not valid in the class of 
models of interest. 

There is a problem with this idea: we don’t know when, if 
ever, we can stop looking. If the formula has a finite counter- 
model, our procedure will find it. But if it has no finite counter 
model, we won’t get an answer. The formula may be valid (no 
countermodels at all), or it have only an infinite countermodel, 
which we’ll never look at. This problem can be overcome if we 
can show that every formula that has a countermodel has a finite 
countermodel. If this is the case we say the logic has the finite 
model property. 

But how would we show that a logic has the finite model prop- 
erty? One way of doing this would be to find a way to turn an 
infinite (counter)model of A into a finite one. If that can be done, 
then whenever there is a model in which A is not true, then the 
resulting finite model also makes A not true. That finite model 
will show up on our list of all finite models, and we will eventually 
determine, for every formula that is not valid, that it isn’t. Our 
procedure won’t terminate if the formula is valid. If we can show 
in addition that there is some maximum size that the finite model 
our procedure provides can have, and that this maximum size de- 
pends only on the formula A, we will have a size up to which we 
have to test finite models in our search for countermodels. If we 
haven’t found a countermodel by then, there are none. Then our 
procedure will, in fact, decide the question “is A valid?” for any 
formula A. 

A strategy that often works for turning infinite structures into 
finite structures is that of “identifying” elements of the structure 
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which behave the same way in relevant respects. If there are 
infinitely many worlds in M that behave the same in relevant 
respects, then we might hope that there are only finitely many 
“classes” of such worlds. In other words, we partition the set of 
worlds in the right way. Each partition contains infinitely many 
worlds, but there are only finitely many partitions. Then we de- 
fine a new model M* where the worlds are the partitions. Finitely 
many partitions in the old model give us finitely many worlds 
in the new model, i.e., a finite model. Let’s call the partition a 
world w is in [w]. We'll want it to be the case that M,w t A iff 
M*,[w] + A, since we want the new model to be a countermodel 
to A if the old one was. This requires that we define the partition, 
as well as the accessibility relation of M* in the right way. 

To see how this would go, first imagine we have no accessi- 
bility relation. M,w t+ OB iff for some v € W, M,v t OB, and 
the same for M*, except with [w] and [v]. As a first idea, let’s 
say that two worlds u and v are equivalent (belong to the same 
partition) if they agree on all propositional variables in M, i.e., 
M,u + p iff M,v t p. Let V*(p) = {[w] : M,w + p}. Our aim 
is to show that M,w tt A iff M*,[w] A. Obviously, we'd prove 
this by induction: The base case would be A = fp. First suppose 
M,w |t p. Then [w] € V™ by definition, so M*,[w] It p. Now 
suppose that M*,[w] t p. That means that [w] € V*(p), ie., 
for some v equivalent to w, M,v  p. But “w equivalent to v” 
means “w and v make all the same propositional variables true,” 
so M,w t+ p. Now for the inductive step, e.g., A = ~B. Then 
M,w t =B iff M,w # B iff M*,[w] * B (by inductive hypothesis) 
iff M*,[w] t =B. Similarly for the other non-modal operators. 
It also works for 0: suppose M*,[w] + OB. That means that 
for every [u], M*,[u] t B. By inductive hypothesis, for every u, 
M,u tt B. Consequently, M,w + OB. 

In the general case, where we have to also define the accessi- 
bility relation for M*, things are more complicated. We'll call 
a model M* a filtration if its accessibility relation R* satisfies 
the conditions required to make the inductive proof above go 
through. Then any filtration M* will make A true at [w] iff M 
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makes A true at w. However, now we also have to show that there 
are filtrations, i.e., we can define R* so that it satisfies the required 
conditions. In order for this to work, however, we have to require 
that worlds u, v count as equivalent not just when they agree on 
all propositional variables, but on all sub-formulas of A. Since A 
has only finitely many sub-formulas, this will still guarantee that 
the filtration is finite. There is not just one way to define a fil- 
tration, and in order to make sure that the accessibility relation 
of the filtration satisfies the required properties (e.g., reflexive, 
transitive, etc.) we have to be inventive with the definition of R*. 


5.2 Preliminaries 


Filtrations allow us to establish the decidability of our systems of 
modal logic by showing that they have the finite model property, 
i.e., that any formula that is true (false) in a model is also true 
(false) in a finite model. Filtrations are defined relative to sets of 
formulas which are closed under subformulas. 


Definition 5.1. A set I of formulas is closed under subformulas 
if it contains every subformula of a formula in 7. Further, 
is modally closed if it is closed under subformulas and moreover 
AcéT implies O04,OA €T. 


For instance, given a formula A, the set of all its sub-formulas 
is closed under sub-formulas. When we're defining a filtration 
of a model through the set of sub-formulas of A, it will have the 
property we’re after: it makes A true (false) iff the original model 
does. 

The set of worlds of a filtration of M through I is defined 
as the set of all equivalence classes of the following equivalence 
relation. 


Definition 5.2. Let M = (W,R,V) and suppose I is closed un- 
der sub-formulas. Define a relation = on W to hold of any two 
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worlds that make the same formulas from I true, i.e.: 
u=v ifandonlyif VAcr:MutASMot A. 


The equivalence class [w]= of a world w, or [w] for short, is the 
set of all worlds =-equivalent to w: 


[w] ={v:v=w}. 


Proposition 5.3. Given M and I, = as defined above is an equiva- 
lence relation, i.e., it is reflexive, symmetric, and transitive. 


Proof. The relation = is reflexive, since w makes exactly the same 
formulas from I true as itself. It is symmetric since if u makes 
the same formulas from I true as v, the same holds for v and u. 
It is also transitive, since if u makes the same formulas from [" 
true as v, and v as w, then u makes the same formulas from I" 
true as w. oO 


The relation =, like any equivalence relation, divides W into 
partitions, i.e., subsets of W which are pairwise disjoint, and to- 
gether cover all of W. Every w € W is an element of one of the 
partitions, namely of [w], since w = w. So the partitions [w] 
cover all of W. They are pairwise disjoint, for if u ¢ [w] and 
u € [v], then u = w and u =v, and by symmetry and transitivity, 
w =v, and so [w| = [v]. 


5.3 Filtrations 


Rather than define “the” filtration of M through I’, we define 
when a model M* counts as a filtration of M. All filtrations have 
the same set of worlds W* and the same valuation V*. But dif- 
ferent filtrations may have different accessibility relations R*. To 
count as a filtration, R* has to satisfy a number of conditions, 
however. These conditions are exactly what we’ll require to prove 
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the main result, namely that M,w t A iff M*,[w] A, provided 
Ael. 


Definition 5.4. Let [ be closed under subformulas and M = 
(W,R,V). A filtration of M through T is any model M* = 
(W*,R*,V*), where: 


1. W* ={[w]: we W}; 
2. For any u,v € W: 


a) If Ruv then R*[u] [v]; 


b) If R*[u][v] then for any 04 € T, if M,u t OA then 
M,v tt A; 


c) If R*[u][v] then for any OA € I, if M,v t A then 
M,u lt OA, 


3. V"(p) = {[u] swe Vip}. 


It’s worthwhile thinking about what V“(p) is: the set con- 
sisting of the equivalence classes [w] of all worlds w where p is 
true in M. On the one hand, if w € V(p), then [w] € V*(p) 
by that definition. However, it is not necessarily the case that if 
[w] ¢ V*(p), then w € V(p). If [w] € V*(p) we are only guar 
anteed that [w] = [u] for some u € V(p). Of course, [w] = [wu] 
means that w = u. So, when [w] € V*(p) we can (only) conclude 
that w = u for some u € V(p). 


Theorem 5.5. If M* is a filtration of M through I, then for every 
AeéeTl andw€ W, we have M,w t- A if and only if M*,[w] + A. 


Proof. By induction on A, using the fact that I is closed under 
subformulas. Since A € I and I is closed under sub-formulas, 
all sub-formulas of A are also € J’. Hence in each inductive step, 
the induction hypothesis applies to the sub-formulas of A. 


1. A=L: Neither M,w t A nor M*,[w] t A. 
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2. A=p: The left-to-right direction is immediate, as M,w t+ A 
only if w € V(p), which implies [w] ¢ V*(p), ie., M*,[w] 
A. Conversely, suppose M*,[w] t A, ie., [w] € V*(p). 
Then for some v € V(p), w = v. Of course then also M,v tt 
p. Since w = v, w and v make the same formulas from 
true. Since by assumption p €¢ J and M,v tt p, M,w t A. 


3. A= AB: M,w t A iff M,w #¥ B. By induction hypothesis, 
M,w # B iff M*,[w] # B. Finally, M*,[w] « Biff M*,[w] + 
A. 


4. Exercise. 


5 A= (BVC): M,w t A iff M,w +t Bor M,w t C. By 
induction hypothesis, M,w t+ B iff M*,[w] + B, and M,w t 
C iff M*,[w] t C. And M*,[w] + A iff M*,[w] + B or 
M*,[w] + C. 


6. Exercise. 


7. A=OB: Suppose M,w tt A; to show that M*,[w] A, let 

v be such that R*[w][v]. From Definition 5.4(2b), we have 
that M,v t B, and by inductive hypothesis M*,[v]  B. 
Since v was arbitrary, M*,[w] + A follows. 
Conversely, suppose M*,[w] t A and let v be arbitrary 
such that Rwv. From Definition 5.4(2a), we have R*[w][v], 
so that M*,[v] i B; by inductive hypothesis M,v tt B, and 
since v was arbitrary, M,w tr A. 


8. Exercise. Oo 


What holds for truth at worlds in a model also holds for truth 
in a model and validity in a class of models. 


Corollary 5.6. Let I be closed under subformulas. Then: 


1. IfM* is a filtration of M through IT then foranyA€T:Mt A 
if and only if M* t A. 
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2. If is a class of models and I'() is the class of I filtrations of 
models in 6, then any formula A € I is valid in € if and only 
if it is valid in T'(€). 


5-4 Examples of Filtrations 


We have not yet shown that there are any filtrations. But indeed, 
for any model M, there are many filtrations of M through I. 
We identify two, in particular: the finest and coarsest filtrations. 
Filtrations of the same models will differ in their accessibility 
relation (as Definition 5.4 stipulates directly what W* and V* 
should be). The finest filtration will have as few related worlds as 
possible, whereas the coarsest will have as many as possible. 


Definition 5.7. Where I is closed under subformulas, the finest 
filtration M* of a model M is defined by putting: 


R*[u][v] ifand only if Aw’ € [u] So’ € [v] : Ru’d’. 


Proposition 5.8. The finest filtration M* is indeed a filtration. 


Proof. We need to check that R*, so defined, satisfies Defini- 
tion 5.4(2). We check the three conditions in turn. 

If Ruv then since u € [u] and v € [v], also R*[u][v], so (2a) 
is satisfied. 

For (2b), suppose 0A € I, R*[ul[v], and M,u + OA. By 
definition of R*, there are u’ = u and v’ = v such that Ru’d’. 
Since wu and wu’ agree on I’, also M,u’ tt OA, so that M,v’ + A. By 
closure of I under sub-formulas, v and v’ agree on A, so M,v It A, 
as desired. 

We leave the verification of (2c) as an exercise. Oo 
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paso 


Figure 5.1: An infinite model and its filtrations. 


Definition 5.9. Where I’ is closed under subformulas, the coars- 
est filtration M* of a model M is defined by putting R*[u][v] if 
and only if both of the following conditions are met: 


1. IfoA eT and M,u + GA then M,v t A; 


2. If OAeT and M,v t A then M,u tt OA. 


Proposition 5.10. The coarsest filtration M* is indeed a filtration. 


Proof. Given the definition of R*, the only condition that is left to 
verify is the implication from Ruv to R*|u][v]. So assume Ruz. 
Suppose 0A € I and M,u t OA; then obviously M,v t A, and 
(1) is satisfied. Suppose >A € I and M,v tt A. Then M,u tt OA 
since Ruv, and (2) is satisfied. Oo 


Example 5.11. Let W = Z*, Rum iff m = n+1, and V(p) = 
{2n : n € N}. The model M = (W,R,V) is depicted in Fig- 
ure 5.1. The worlds are 1, 2, etc.; each world can access exactly 
one other world—its successor—and f is true at all and only the 
even numbers. 

Now let IT be the set of sub-formulas of Of — fp, i.e., 
{p.Op,0p — p}. p is true at all and only the even numbers, Op 
is true at all and only the odd numbers, so Of — f is true at 
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all and only the even numbers. In other words, every odd num- 
ber makes Of true and p and Of — f false; every even number 
makes p and Of — f true, but Of false. So W* = {[1],[2]}, 
where [1] = {1,3,5,...} and [2] = {2,4,6,...}. Since 2 € V(p), 
[2] <¢ V*(p); since 1 ¢ V(p), [1] ¢ V*(p). So V*(p) = {[2]}. 

Any filtration based on W* must have an accessibility rela- 
tion that includes ([1],[2]), [2], [1]): since R12, we must have 
R*[1)[2] by Definition 5.4(2a), and since R23 we must have 
R* [2] [3], and [3] = [1]. It cannot include ([1],[1]): if it did, 
wed have R*[1][1], M,1 + Op but M,1 # p, contradicting (2b). 
Nothing requires or rules out that R*[2][2]. So, there are two 
possible filtrations of M, corresponding to the two accessibility 
relations 


{({1],[2]), [2], 1} and {({1], [2]), [2], (21). (21. [21 }- 


In either case, p and Op — p are false and Of is true at [1]; p and 
Op — p are true and Of is false at [2]. 


5.5  Filtrations are Finite 


We've defined filtrations for any set J that is closed under sub- 
formulas. Nothing in the definition itself guarantees that filtra- 
tions are finite. In fact, when J is infinite (e.g., is the set of all 
formulas), it may well be infinite. However, if I is finite (e.g., 
when it is the set of sub-formulas of a given formula A), so is any 
filtration through I’. 


Proposition 5.12. If I is finite then any filtration M* of a model 
M through I is also finite. 


Proof. The size of W* is the number of different classes [w] under 
the equivalence relation =. Any two worlds uw, v in such class— 
that is, any u and v such that u = v—agree on all formulas A 
in [, A € TI either A is true at both uw and 2, or at neither. So 
each class [w] corresponds to subset of [, namely the set of all 
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A €T such that A is true at the worlds in [w]. No two different 
classes [wu] and [v] correspond to the same subset of I. For if 
the set of formulas true at uw and that of formulas true at v are 
the same, then w and v agree on all formulas in I, ie., u = v. 
But then [u] = [v]. So, there is an injective function from W* to 
(I), and hence |W*| < |g(I)|. Hence if F contains n sentences, 
the cardinality of W~ is no greater than 2”. Oo 


5-6 K and S5 have the Finite Model 
Property 


Definition 5.13. A system 2 of modal logic is said to have the 
finite model property if whenever a formula A is true at a world in 
a model of » then A is true at a world in a finite model of 2. 


Proposition 5.14. K has the finite model property. 


Proof. K is the set of valid formulas, i.e., any model is a model 
of K. By Theorem 5.5, if M,w t A, then M*,w t A for any filtra- 
tion of M through the set I of sub-formulas of A. Any formula 
only has finitely many sub-formulas, so I is finite. By Proposi- 
tion 5.12, |W*| < 2”, where n is the number of formulas in 7. And 
since K imposes no restriction on models, M* is a K-model. O 


To show that a logic L has the finite model property via fil- 
trations it is essential that the filtration of an L-model is itself 
a L-model. Often this requires a fair bit of work, and not any 
filtration yields a L-model. However, for universal models, this 
still holds. 


Proposition 5.15. Let U be the class of universal models (see Propo- 
sition 2.14) and Uyin the class of all finite universal models. Then any 
formula A is valid in U if and only if it is valid in Uyin. 
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Proof. Finite universal models are universal models, so the left- 
to-right direction is trivial. For the right-to left direction, suppose 
that A is false at some world w in a universal model M. Let I” 
contain A as well as all of its subformulas; clearly I is finite. Take 
a filtration M* of M; then M” is finite by Proposition 5.12, and 
by Theorem 5.5, A is false at [w] in M*. It remains to observe 
that M* is also universal: given u and v, by hypothesis Ruv and 
by Definition 5.4(2), also R*[u] [v]. Oo 


Corollary 5.16. S5 has the finite model property. 


Proof. By Proposition 2.14, if A is true at a world in some reflex- 
ive and euclidean model then it is true at a world in a universal 
model. By Proposition 5.15, it is true at a world in a finite uni- 
versal model (namely the filtration of the model through the set 
of sub-formulas of A). Every universal model is also reflexive and 
euclidean; so A is true at a world in a finite reflexive euclidean 
model. Oo 


5.7 S5 is Decidable 


The finite model property gives us an easy way to show that sys- 
tems of modal logic given by schemas are decidable (i.e., that there 
is a computable procedure to determine whether a formula is 
derivable in the system or not). 


Theorem 5.17. S5 is decidable. 


Proof. Let A be given, and suppose the propositional variables 
occurring in A are among fj, ..., pz. Since for each n there are 
only finitely many models with n worlds assigning a value to fy, 
..+5 Pe, We can enumerate, in parallel, all the theorems of S5 by 
generating proofs in some systematic way; and all the models con- 
taining 1, 2, ... worlds and checking whether A fails at a world in 
some such model. Eventually one of the two parallel processes 
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will give an answer, as by Theorem 4.17 and Corollary 5.16, ei- 
ther A is derivable or it fails in a finite universal model. oO 


The above proof works for S5 because filtrations of universal 
models are automatically universal. The same holds for reflexiv- 
ity and seriality, but more work is needed for other properties. 


5-8 Filtrations and Properties of 
Accessibility 


As noted, filtrations of universal, serial, and reflexive models are 
always also universal, serial, or reflexive. But not every filtration 
of a symmetric or transitive model is symmetric or transitive, 
respectively. In some cases, however, it is possible to define fil- 
trations so that this does hold. In order to do so, we proceed as in 
the definition of the coarsest filtration, but add additional condi- 
tions to the definition of R*. Let I be closed under sub-formulas. 
Consider the relations C;(u,v) in Table 5.1 between worlds u, v 
in a model M = (W,R,V). We can define R*[u][v] on the basis 
of combinations of these conditions. For instance, if we stipulate 
that R*[u][v] iff the condition C;(u,v) holds, we get exactly the 
coarsest filtration. If we stipulate R*[u][v] iff both Ci(u,v) and 
Co(u,v) hold, we get a different filtration. It is “finer” than the 
coarsest since fewer pairs of worlds satisfy Ci(u,v) and Co(u,v) 
than Cj(u,v) alone. 


Cie oy if oA € l and M,u t GA then M,v tt A; and 
"if OA € F and M,v t A then M,u It OA; 
Cine): if oA € I and M,v t GA then M,u t+ A; and 
"if OA € F and M,u t' A then M,v + OA; 
Cad: ifoA eT and M,u t OA then M,v t+ OA; and 
"if OA € TF and M,v t+ OA then M,u + OA; 
Cay ifoA eT and M,v t OA then M,u t+ OA; and 
"if OA € TF and M,u + OA then M,v + OA; 


Table 5.1: Conditions on possible worlds for defining filtrations. 
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Theorem 5.18. Let M = (W,R,V) be a model, I’ closed under sub- 
formulas. Let W* and V* be defined as in Definition 5.4. Then: 


1. Suppose R*[u]|v] if and only if Cy(u,v) A Co(u,v). Then R* 
is symmetric, a M* = (W*,R*,V*) is a filtration if M is 
symmetric. 

2. Suppose R*|u|[v] if and only if Ci(u,v) A C3(u,v). Then R* 
is transitive, ie M* = (W*,R*,V*) is a filtration if M is 
transitive. 

3. Suppose R*[u][v] ifand only if Cy (u,v) A Co(u,v) AC3(u,v) A 


Cy(u,v). Ti i R* is symmetric and transitive, and M* = 
(W*,R*,V") is a filtration ifM is symmetric and transitive. 


4. Suppose R* is defined as R*[u][v] if and only if Cy(u,v) A 
C3(u,v) A Cy4(u,v). Then R* : eee and euclidean, and 
M* = (W*,R*,V") is a filtration if M is transitive and eu- 
clidean. 


Proof. 1. It’s immediate that R* is symmetric, since Ci(u,v) © 

Co(v,u) and Co(u,v) © Cy(v,u). So it’s left to show that if 
M is symmetric then M" is a filtration through I’. Condition 
C\(u,v) guarantees that (2b) and (2c) of Definition 5.4 are 
satisfied. So we just have to verify Definition 5.4(2 a), ie., 
that Ruv implies R*[u][v]. 
So suppose Ruv. To show R*[u][v] we need to establish 
that Cy(u,v) and Co(u,v). For Cy: if OA €¢ F and M,u t+ oA 
then also M,v t A (since Ruv). Similarly, if OA € I and 
M,v t+ Athen M,u t OA since Ruv. For Co: if OA € I 
and M,v OA then Ruv implies Ruu by symmetry, so that 
M,u tt A. Similarly, if OA ¢ [and M,u + AthenM,vt OA 
(since Ruu by symmetry). 


2. Exercise. 


3. Exercise. 
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4. Exercise. Oo 


5-9 Filtrations of Euclidean Models 


The approach of section 5.8 does not work in the case of models 
that are euclidean or serial and euclidean. Consider the model 
at the top of Figure 5.2, which is both euclidean and serial. Let 
I = {p,Op}. When taking a filtration through I, then [w)] = 
[w3] since w; and w3 are the only worlds that agree on J’. Any 
filtration will also have the arrow inherited from M, as depicted 
in Figure 5.3. That model isn’t euclidean. Moreover, we cannot 
add arrows to that model in order to make it euclidean. We would 
have to add double arrows between [wg] and [w4], and then also 
between wy, and ws. But Of is supposed to be true at wa, while p 
is false at ws. 


+@)—-@ 


I Op I Op 
() () 
*@—-@: ©» 
I Op «Op Op 


Figure 5.2: A serial and euclidean model. 


In particular, to obtain a euclidean filtration it is not enough 
to consider filtrations through arbitrary ’s closed under sub- 
formulas. Instead we need to consider sets J that are modally 
closed (see Definition 5.1). Such sets of sentences are infinite, and 
therefore do not immediately yield a finite model property or the 
decidability of the corresponding system. 


Theorem 5.19. Let I be modally closed, M = (W,R,V), and M* = 
(W*,R*,V*) be a coarsest filtration of M. 
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* Op kK Op 


Figure 5.3: The filtration of the model in Figure 5.2. 


1. IfM is symmetric, so is M*. 
2. IfM is transitive, so is M*. 


3. IfM is euclidean, so is M*. 
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Proof. 1. If M* is a coarsest filtration, then by definition 


R*[u][v] holds if and only if Cj(u,v). For transitivity, sup- 
pose Cj(u,v) and Cj(v,w); we have to show Cj(u,w). Sup- 
pose M,u t OA; then M,u t ODA since 4 is valid in 
all transitive models; since OO0A € I by closure, also by 
C\(u,v), M,v t OA and by Ci(v,w), also M,w t A. Sup- 
pose M,w t A; then M,v t OA by Cj(v,w), since OA € I 
by modal closure. By Cj(u,v), we get M,u lt OA since 
©OA €T by modal closure. Since 49 is valid in all transi- 
tive models, M,u OA. 


. Exercise. Use the fact that both 5 and 54 are valid in all 
euclidean models. 


. Exercise. Use the fact that B and Bo are valid in all sym- 
metric models. Oo 
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Problems 
Problem 5.1. Complete the proof of Theorem 5.5 
Problem 5.2. Complete the proof of Proposition 5.8. 


Problem 5.3. Consider the following model M = (W,R,V) 
where W = {00 : o € B*}, the set of sequences of Os and 1s 
starting with 0, with Roo’ iff o’ = oO or o’ = o1, and 
V(p) = {00:0 € B*} and V(q) = {01:0 € B* \ {1}}. Here’s a 
picture: 


We have M,w ¥ O(p V q) > (Of V O@) for every w. 

Let I’ be the set of sub-formulas of O(p V g) — (Of V O89). 
What are W* and V*? What is the accessibility relation of the 
finest filtration of M? Of the coarsest? 


Problem 5.4. Show that any filtration of a serial or reflexive 
model is also serial or reflexive (respectively). 


Problem 5.5. Find a non-symmetric (non-transitive, non- 
euclidean) filtration of a symmetric (transitive, euclidean) model. 
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Problem 5.6. Complete the proof of Theorem 5.18. 


Problem 5.7. Complete the proof of Theorem 5.19. 
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CHAPTER 6 


Modal 
Tableaux 


6.1 Introduction 


Tableaux are certain (downward-branching) trees of signed for- 
mulas, i.e., pairs consisting of a truth value sign (T or F) and 
a sentence 

TA orF A. 


A tableau begins with a number of assumptions. Each further 
signed formula is generated by applying one of the inference 
rules. Some inference rules add one or more signed formulas 
to a tip of the tree; others add two new tips, resulting in two 
branches. Rules result in signed formulas where the formula is 
less complex than that of the signed formula to which it was ap- 
plied. When a branch contains both TA and F A, we say the 
branch is closed. If every branch in a tableau is closed, the entire 
tableau is closed. A closed tableau constitutes a derivation that 
shows that the set of signed formulas which were used to begin 
the tableau are unsatisfiable. This can be used to define a f rela- 
tion: [+ A iff there is some finite set Jy = {B,...,B,} CF such 
that there is a closed tableau for the assumptions 


{F A,T By,...,T By}. 
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For modal logics, we have to both extend the notion of signed 
formula and add rules that cover O and © In addition to a 
sign(T or F), formulas in modal tableaux also have prefixes co. 
The prefixes are non-empty sequences of positive integers, i.e., 
ao € (Z*)* \ {A}. When we write such prefixes without the sur- 
rounding ( ), and separate the individual elements by .’s instead 
of ”s. If o is a prefix, then o.n is 7 — (n); e.g., if o = 1.2.1, then 
o.3 is 1.2.1.3. So for instance, 


12ToOA—-A 


is a prefixed signed formula (or just a prefixed formula for short). 

Intuitively, the prefix names a world in a model that might 
satisfy the formulas on a branch of a tableau, and if o names 
some world, then o.n names a world accessible from (the world 
named by) o. 


6.2 Rules for K 


The rules for the regular propositional connectives are the same 
as for regular propositional signed tableaux, just with prefixes 
added. In each case, the rule applied to a signed formula a S A 
produces new formulas that are also prefixed by o. This should 
be intuitively clear: e.g., if A B is true at (a world named by) o, 
then A and B are true at o (and not at any other world). We 
collect the propositional rules in Table 6.1. 

The closure condition is the same as for ordinary tableaux, 
although we require that not just the formulas but also the prefixes 
must match. So a branch is closed if it contains both 


oTA and oFA 


for some prefix 0 and formula A. 

The rules for setting up assumptions is also as for ordinary 
tableaux, except that for assumptions we always use the prefix 1. 
(It does not matter which prefix we use, as long as it’s the same 
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ao T-=AA oFAA 
oFA ce aoTA = 
_GTAAB a oFAAB 
ees oFA | oFB 
oTB 
oTAVB _GFAVB 
TA | oTB VT oFA 
2 oFB 
oTA->B GFA >B 
—T aoTA 
oFA | oTB 
oFB 


Table 6.1: Prefixed tableau rules for the propositional connectives 


for all assumptions.) So, e.g., we say that 
By,...,B,+A 
iff there is a closed tableau for the assumptions 
1T By,...,1T B,,1F A. 


For the modal operators O and 6, the prefix of the conclusion 
of the rule applied to a formula with prefix o is o.n. However, 
which n is allowed depends on whether the sign is T or F. 

The To rule extends a branch containing 0 TOA by o.nT A. 
Similarly, the FO rule extends a branch containing 0 F OA by 
o.nF A. They can only be applied for a prefix o.n which already 
occurs on the branch in which it is applied. Let’s call such a prefix 
“used” (on the branch). 

The Fo rule extends a branch containing 0 F OA by o.nF A. 
Similarly, the T© rule extends a branch containing 0 TOA by 
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o TOA oFoA 
onTA oa onFA oF 
o.n is used o.n is new 
oTOA oFOA 
onTA ve onF A oF 
o.n is new o.n is used 


Table 6.2: The modal rules for K. 


o.nT A. These rules, however, can only be applied for a pre- 
fix o.n which does not already occur on the branch in which it is 
applied. We call such prefixes “new” (to the branch). 

The rules are given in Jable 0.2. 

The requirement that the restriction that the prefix for OT 
must be used is necessary as otherwise we would count the fol- 
lowing as a closed tableau: 


1T oA Assumption 
1F OA Assumption 
11T A OT 1 
LAF A OF 2 
® 


ee oe 


But OA ¥ 4A, so our proof system would be unsound. Like- 
wise, ©A # OA, but without the restriction that the prefix for OF 
must be new, this would be a closed tableau: 
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2; 1T OA Assumption 
2. 1F OA Assumption 
3: 11T A oT1 
4. 11F A OF 2 

® 


6.3 Tableaux for K 


Example 6.1. We give a closed tableau that shows + (GAADB)— 
O(A A B). 


1. 1F (GAAgOB) > O(AAB) Assumption 

2. 1T oDAAGB —F1 

3. 1F O(AAB) —>F1 

4. 1T oA AT2 

5. 1T oB AT 2 

6. 11F AAB OF 3 
a 

7. 11F A 11F B AF 6 

8. 11T A 11T B OT 4; oT 5 
® ® 


Example 6.2. We give a closed tableau that shows + >(AV B)—> 
(OAV OB): 
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1. 1F O(AV B) > (OAV OB) Assumption 

2, 1T O(AVB) >F1 

3. 1F OAV OB F1 

4. 1F OA VE3 

5. 1F OB VE3 

6. 11T AVB oT 2 
an 

7. 11T A 11T B VT6 

8. 11F A 11F B OF 4; OF5 
® ® 


6.4 Soundness for K 


In order to show that prefixed tableaux are sound, we have to 
show that if 
1TB,...,1TB,,1F A 


has a closed tableau then B,,...,B, & A. It is easier to prove 
the contrapositive: if for some M and world w, M,w t B; for all 
i =1,..., » but M,w t A, then no tableau can close. Such a 
countermodel shows that the initial assumptions of the tableau 
are satisfiable. The strategy of the proof is to show that whenever 
all the prefixed formulas on a tableau branch are satisfiable, any 
application of a rule results in at least one extended branch that 
is also satisfiable. Since closed branches are unsatisfiable, any 
tableau for a satisfiable set of prefixed formulas must have at least 
one open branch. 

In order to apply this strategy in the modal case, we have to 
extend our definition of “satisfiable” to modal modals and pre- 
fixes. With that in hand, however, the proof is straightforward. 


Definition 6.3. Let P be some set of prefixes, i.e., P C (Z*)* \ 
{A} and let M be a model. A function f: P — W is an inter- 
pretation of P in M if, whenever o and o.n are both in P, then 
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Rf(o)f(o.n). 


Relative to an interpretation of prefixes P we can define: 
1. M satisfies 0 T A iff M, f (co) A. 
2. M satisfies 0 F A iff M, f (co) # A. 


Definition 6.4. Let I’ be a set of prefixed formulas, and let P(I’) 
be the set of prefixes that occur in it. If f is an interpretation 
of P(I’) in M, we say that M satisfies [ with respect to f, M,f 
I’, if M satisfies every prefixed formula in I with respect to f. I” 
is satisfiable iff there is a model M and interpretation f of P(I) 
such that M, ft I. 


Proposition 6.5. [fT contains both o T A and oF A, for some for- 
mula A and prefix o, then I is unsatisfiable. 


Proof. There cannot be a model M and interpretation f of P(I) 
such that both M, f(o) + A and M, f(c) # A. Oo 


Theorem 6.6 (Soundness). [fT has a closed tableau, I’ is unsat- 
isfiable. 


Proof. We call a branch of a tableau satisfiable iff the set of signed 
formulas on it is satisfiable, and let’s call a tableau satisfiable if it 
contains at least one satisfiable branch. 

We show the following: Extending a satisfiable tableau by one 
of the rules of inference always results in a satisfiable tableau. 
This will prove the theorem: any closed tableau results by apply- 
ing rules of inference to the tableau consisting only of assump- 
tions from I’. So if I’ were satisfiable, any tableau for it would 
be satisfiable. A closed tableau, however, is clearly not satisfi- 
able, since all its branches are closed and closed branches are 
unsatisfiable. 
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Suppose we have a satisfiable tableau, i.e., a tableau with at 
least one satisfiable branch. Applying a rule of inference either 
adds signed formulas to a branch, or splits a branch in two. If 
the tableau has a satisfiable branch which is not extended by the 
rule application in question, it remains a satisfiable branch in 
the extended tableau, so the extended tableau is satisfiable. So 
we only have to consider the case where a rule is applied to a 
satisfiable branch. 

Let I’ be the set of signed formulas on that branch, and let 
o SA €T be the signed formula to which the rule is applied. If 
the rule does not result in a split branch, we have to show that the 
extended branch, i.e., / together with the conclusions of the rule, 
is still satisfiable. If the rule results in split branch, we have to 
show that at least one of the two resulting branches is satisfiable. 
First, we consider the possible inferences with only one premise. 


1. The branch is expanded by applying ~T to cT7B € T. 
Then the extended branch contains the signed formulas 
I U{oF B}. Suppose M,f t I. In particular, M,f(o) 
AB. Thus, M, f(o) # B, i.e., M satisfies o F B with respect 


to f. 


2. The branch is expanded by applying =F to oF-B « T: 
Exercise. 


3. The branch is expanded by applying AT too TBAC €T, 
which results in two new signed formulas on the branch: 
oTB and oTC. Suppose M,f t TI, in particular 
M,f(o7) t BAC. Then M,f(c) t B and M,f(c)  C. 
This means that M satisfies both o TB and o TC with re- 
spect to f. 


4. The branch is expanded by applying VF to FBV C «T: 
Exercise. 


5. The branch is expanded by applying —F to oF B > 
C ¢ I: This results in two new signed formulas on the 
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branch: 0 TB and o FC. Suppose M,f t+ I, in particular 
M,f(c) * BC. Then M,f(c) + Band M,f(c) ¥ C. 
This means that M,/f satisfies both 0 TB and o FC. 


. The branch is expanded by applying OT to oTOB € T: 


This results in a new signed formula o.n T B on the branch, 
for some o.n € P(I’) (since o.n must be used). Suppose 
M,f IT, in particular, M,f(co) OB. Since f is an in- 
terpretation of prefixes and both a, o.n € P(I’), we know 
that Rf (oc) f(o.n). Hence, M, f(o.n)  B, ie., M,f satis- 
fies o.n TB. 


. The branch is expanded by applying OF to co FOB ¢€ I: 


This results in a new signed formula o.n F A, where o.n is 
a new prefix on the branch, ie., o.n ¢ P(I’). Since I’ is 
satisfiable, there is a M and interpretation f of P(I”) such 
that M,f + I, in particular M,f(o) *« OB. We have to 
show that [ U{o.nF B} is satisfiable. To do this, we define 
an interpretation of P(I’) U {o.n} as follows: 


Since M, f(co) * OB, there is a w € W such that Rf(o)w 
and M,w # B. Let f’ be like f, except that f’(o.n) = w. 
Since f’(o) = f(a) and Rf (7) w, we have Rf'(7) f’(o.n), 
so f’ is an interpretation of P(I’) U {a.n}. Obviously 
M,f'(o.n) * B. Since f(a’) = f’(c’) for all prefixes 
o’ € P(l),M,f’t I. So, M,f’ satisfies PU {o.n F B}. 


Now let’s consider the possible inferences with two premises. 


1. 


The branch is expanded by applying AF too FBAC €T, 
which results in two branches, a left one continuing through 
oF B and a right one through o FC. Suppose M,f t I, 
in particular M,f(7) © BAC. Then M,f(o) ¥ B or 
M, f (co) « C. In the former case, M,f satisfies o F B, i-e., 
the left branch is satisfiable. In the latter, M,/f satisfies 
o FC, ie., the right branch is satisfiable. 


. The branch is expanded by applying VT tt coTBVC eT: 


Exercise. 
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3. The branch is expanded by applying ~T too TBC eT: 
Exercise. O 


Corollary 6.7. [ff + A thenT § A. 


Proof. lf I + A then for some By, .... B, € IT, A = 
{1F A,1T By,...,17B,} has a closed tableau. We want to show 
that [ + A. Suppose not, so for some M and w, M,w t B; for 
i=1,..., 2, but M,w # A. Let f(1) = w; then f is an interpre- 
tation of P(4) into M, and M satisfies 4 with respect to f. But 
by Theorem 6.6, A is unsatisfiable since it has a closed tableau, 
a contradiction. So we must have [+ A after all. Oo 


Corollary 6.8. [f+ A then A is true in all models. 


6.5 Rules for Other Accessibility Relations 


In order to deal with logics determined by special accessibility 
relations, we consider the additional rules in ‘Table 6.3. 

Adding these rules results in systems that are sound and com- 
plete for the logics given in Table 6.4. 


Example 6.9. We give a closed tableau that shows S5 + 5, ie., 


DA > OOA. 
1. 1F oA—OoOA Assumption 
2. 1T oA —F1 
3. 1F OOA —>F1 
4. 11F 6A OF 3 
5. 1F OA 4TO 4 
6. 11F A OF5 
7. 11T A oT 2 


® 
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Table 6.3: More modal rules. 


6.6 Soundness for Additional Rules 


We say a rule is sound for a class of models if, whenever a branch 
in a tableau is satisfiable in a model from that class, the branch 
resulting from applying the rule is also satisfiable in a model from 
that class. 


Proposition 6.10. TO and T© are sound for reflexive models. 
Proof. 1. The branch is expanded by applying To to 7 TOB € 


I: This results in a new signed formula o TB on the 
branch. Suppose M,/f t+ I, in particular, M,f(o) + OB. 
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Logic EAS ass Rules 
T=KT reflexive To, To 
D=KD serial Do, De 
K4 transitive 40, 40 


B=KTB reflexive, To, TO 
symmetric Bo, BO 

S4=KT4 reflexive, To, To, 
transitive 40, 40 

S5=KT4B reflexive, To, To, 
transitive, 40, 40, 
euclidean 4rO, 4rO 


Table 6.4: Tableau rules for various modal logics. 


Since R is reflexive, we know that Rf(o)f(o). Hence, 
M,f(o)  B, ie, M,f satisfies o TB. 


2. The branch is expanded by applying TO to 7 FOB «IT: 
Exercise. 0 


Proposition 6.11. Do and DO are sound for serial models. 


Proof. 1. The branch is expanded by applying Do to 7 TOB € 
I: This results in a new signed formula 0 T OB on the 
branch. Suppose M,f t+ I, in particular, M,f(o) + OB. 
Since R is serial, there isa w € W such that Rf(7)w. Then 
M,w t B, and hence M,f(c) t+ OB. So, M,f satisfies 
oTOB. 


2. The branch is expanded by applying DO too FOB € T: 
Exercise. q 
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Proposition 6.12. BO and BO are sound for symmetric models. 


Proof. 1. The branch is expanded by applying Bo to 
o.nTOB ¢T: This results in a new signed formula 0 TB 
on the branch. Suppose M,f t TI, in particular, 
M,f(o.n) + OB. Since f is an interpretation of prefixes 
on the branch into M, we know that Rf(o)f(o.n). Since 
R is symmetric, Rf(o.n)f (oc). Since M,f(o.n) I OB, 
M,f(o) t B. Hence, M,f satisfies 0 TB. 


2. The branch is expanded by applying BO too.nFOB eT: 
Exercise. 0 


Proposition 6.13. 40 and 4 are sound for transitive models. 


Proof. 1. The branch is expanded by applying 40 to 7 TOB € 
I: This results in a new signed formula o.nTOB on the 
branch. Suppose M,/f t+ I, in particular, M,f(o) + OB. 
Since f is an interpretation of prefixes on the branch into M 
and o.n must be used, we know that Rf(o)f(o.n). Now 
let w be any world such that Rf(o.n)w. Since R is tran- 
sitive, Rf(o7)w. Since M, f(o) + OB, M,w t B. Hence, 
M,f(o.n) OB, and M,/f satisfies o.n T OB. 


2. The branch is expanded by applying 40 to 7 FOB € T: 
Exercise. q 


Proposition 6.14. 4rO and 4r© are sound for euclidean models. 


Proof. 1. The branch is expanded by applying 4rO to 
o.nTOB €T: This results in a new signed formula 0 TOB 
on the branch. Suppose M,f t TI, in particular, 
M, f(o.n) + OB. Since f is an interpretation of prefixes on 
the branch into M, we know that Rf(o)f(o.n). Now let 
w be any world such that Rf(o)w. Since R is euclidean, 
Rf(o.n)w. Since M,f(c).n + OB, M,w t B. Hence, 
M,f (co) + OB, and M,f satisfies 0 TOB. 
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2. The branch is expanded by applying 4rO too. nFOB eT: 
Exercise. O 


Corollary 6.15. The tableau systems given in lable 6.4 are sound for 
the respective classes of models. 


6.7. Simple Tableaux for S5 


S5 is sound and complete with respect to the class of universal 
models, i.e., models where every world is accessible from every 
world. In universal models the accessibility relation doesn’t mat- 
ter: “there is a world w where M,w t A” is true if and only if 
there is such a w that’s accessible from u. So in S5, we can define 
models as simply a set of worlds and a valuation V. This suggests 
that we should be able to simplify the tableau rules as well. In the 
general case, we take as prefixes sequences of positive integers, so 
that we can keep track of which such prefixes name worlds which 
are accessible from others: o.n names a world accessible from o. 
But in S5 any world is accessible from any world, so there is no 
need to so keep track. Instead, we can use positive integers as 
prefixes. The simplified rules are given in Table 0.5. 


Example 6.16. We give a simplified closed tableau that shows 
S5+ 5,ie., OA OOA. 


i 1F ©A—>OOA Assumption 
2, 1T OA —F1 
3. 1F o¢O<A —F1 
4. 2F OA OF 3 
5: 3T A OT2 
6. 3F A OF4 


® 
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nT OA nFOA 
mTA au mE A oF 
m is used m is new 
nT OA nFOA 

mT A ve mF A on 
m is new m is used 


Table 6.5: Simplified rules for S5. 


6.8 Completeness for K 


To show that the method of tableaux is complete, we have to show 
that whenever there is no closed tableau to show I + A, then I’ 
A, i.e., there is a countermodel. But “there is no closed tableau” 
means that every way we could try to construct one has to fail 
to close. The trick is to see that if every such way fails to close, 
then a specific, systematic and exhaustive way also fails to close. 
And this systematic and exhaustive way would close if a closed 
tableau exists. The single tableau will contain, among its open 
branches, all the information required to define a countermodel. 
The countermodel given by an open branch in this tableau will 
contain the all the prefixes used on that branch as the worlds, 
and a propositional variable p is true at o iff o T p occurs on the 
branch. 


Definition 6.17. A branch in a tableau is called complete if, 
whenever it contains a prefixed formula o S A to which a rule 


CHAPTER 6. MODAL TABLEAUX 108 


can be applied, it also contains 


1. the prefixed formulas that are the corresponding conclu- 
sions of the rule, in the case of propositional stacking rules; 


2. one of the corresponding conclusion formulas in the case 
of propositional branching rules; 


3. at least one possible conclusion in the case of modal rules 
that require a new prefix; 


4. the corresponding conclusion for every prefix occurring on 
the branch in the case of modal rules that require a used 
prefix. 


For instance, a complete branch contains oT B and o TC 
whenever it contains T BAC. If it contains 0 T BV C it contains at 
least one of o F B and o0 T C. If it contains 0 FO it also contains 
o.n FO for at least one n. And whenever it contains o TC it also 
contains o.n TO for every n such that o.n is used on the branch. 


Proposition 6.18. Every finite [ has a tableau in which every 
branch is complete. 


Proof. Consider an open branch in a tableau for [. There are 
finitely many prefixed formulas in the branch to which a rule 
could be applied. In some fixed order (say, top to bottom), for 
each of these prefixed formulas for which the conditions (1)—(4) 
do not already hold, apply the rules that can be applied to it to 
extend the branch. In some cases this will result in branching; 
apply the rule at the tip of each resulting branch for all remain- 
ing prefixed formulas. Since the number of prefixed formulas is 
finite, and the number of used prefixes on the branch is finite, 
this procedure eventually results in (possibly many) branches ex- 
tending the original branch. Apply the procedure to each, and 
repeat. But by construction, every branch is closed. Oo 
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Theorem 6.19 (Completeness). {I has no closed tableau, I’ is 
satisfiable. 


Proof. By the proposition, I’ has a tableau in which every branch 
is complete. Since it has no closed tableau, it thas has a tableau 
in which at least one branch is open and complete. Let 4 be 
the set of prefixed formulas on the branch, and P(4) the set of 
prefixes occurring in it. 

We define a model M(A) = (P(4),R,V) where the worlds are 


the prefixes occurring in 4, the accessibility relation is given by: 


, 


Roo’ iff co’ =o.n for some n 


and 


V(p) ={o:oTpe 4}. 


We show by induction on A that if oT A € 4 then M(A4),o t A, 
and if oF A € A then M(/),c ¥ A. 


1.4=p: If oTA c€ Atheno € V(p) (by definition of V) 
and so M(A),o tt A. 


If oF A € Athen co TA ¢ J, since the branch would other- 
wise be closed. So o ¢ V(p) and thus M(/4),o # A. 


2. A=A7B: Ifo TA€e A, then oF B € J since the branch is 
complete. By induction hypothesis, M(4),o * B and thus 
M(A),o t A. 

If oF A € A, then o TB € A since the branch is complete. 
By induction hypothesis, M(4),o + B and thus M(/),o # 
A, 


3. A= BAC: Exercise. 


4. A=BVC: IfoTA€A, then either o TBe 4oraoTCe 
A since the branch is complete. By induction hypothesis, 
either M(A),o t+ B or M(A4),o0 + C. Thus M(/A),o tt A. 
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If oF A € A, then both oF B € A andoFC € A since 
the branch is complete. By induction hypothesis, both 
M(A),o * B and M(A),o #* B. Thus M(A),o # A. 


5. A=B—-C: Exercise. 


6. A=OB: Ifo TAe A, then, since the branch is complete, 
o.nTB € JA for every o.n used on the branch, ie., for 
every a’ € P(A) such that Roo’. By induction hypothesis, 
M(A),o’ t+ B for every a’ such that Roo’. Therefore, 
M(A),o t A. 


If oF A e€ A, then for some o.n, o.nFB € A since the 
branch is complete. By induction hypothesis, M(4),o.n # 
B. Since Ro(o.n), there is a o’ such that M(A),o’ # B. 
Thus M(A),o # A. 


7. A=OB: Exercise. 


Since IC 4, M(A) ET. Oo 


Corollary 6.20. [f[' + A thenI'+ A. 


Corollary 6.21. [fA is true in all models, thent A. 


6.9 Countermodels from Tableaux 


The proof of the completeness theorem doesn’t just show that if 
- A then t A, it also gives us a method for constructing coun- 
termodels to A if # A. In the case of K, this method constitutes 
a decision procedure. For suppose # A. Then the proof of Propo- 
sition 6.18 gives a method for constructing a complete tableau. 
The method in fact always terminates. The propositional rules 
for K only add prefixed formulas of lower complexity, i.e., each 
propositional rule need only be applied once on a branch for any 
signed formula o SA. New prefixes are only generated by the OF 
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and OT rules, and also only have to be applied once (and produce 
a single new prefix). OT and OF have to be applied potentially 
multiple times, but only once per prefix, and only finitely many 
new prefixes are generated. So the construction either results in 
a closed branch or a complete branch after finitely many stages. 

Once a tableau with an open complete branch is constructed, 
the proof of Theorem 6.19 gives us an explict model that satisfies 
the original set of prefixed formulas. So not only is it the case 
that if 7 & A, then a closed tableau exists and I’ + A, if we look for 
the closed tableau in the right way and end up with a “complete” 
tableau, we'll not only know that I ¥ A but actually be able to 
construct a countermodel. 


Example 6.22. We know that ¥ O(p V gq) — (Op V Og). The 
construction of a tableau begins with: 


1. 1F o(pVq) > (Op V Og) ¥ Assumption 
2, 1T O(pVvq) —F1 
2. 1F opvog JV —F1 
4. 1F opv VF3 
5: 1F ogVv VF3 
6. 11F pv OF 4 
qs 12F qv OF 5 


The tableau is of course not finished yet. In the next step, we 
consider the only line without a checkmark: the prefixed formula 
1TO(p/Vq) online 2. The construction of the closed tableau says 
to apply the OT rule for every prefix used on the branch, i.e., for 
both 1.1 and 1.2: 
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1F o(pvq) > (pV Og) V 
1T o(pvq) 
1F opvog JV 
1F opv 
1F ogVv 
LIF pv 
12F qv 
1.1T pvq 
12T pvq 


CAT Aarne wr ve 
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Assumption 
-F1 

>F1 

VF3 

VF3 

OF 4 

OF 5 

OT 2 

OT 2 


Now lines 2, 8, and g, don’t have checkmarks. But no new prefix 
has been added, so we apply VT to lines 8 and 9, on all resulting 


branches (as long as they don’t close): 


1. 1F O(~vV q) > (Op V Og) ¥ Assumption 
2. 1T o(pvq) —F1 
5 1F opvog Vv —F1 
4. 1F opv VF3 
5: 1F ogV VF3 
6. 11F pv OF 4 
Ve 12F gv OF 5 
8. 11T pvqv OT 2 
Q. 12T pvqv OT 2 
i 
10. 11T pv 11T gv VT8 
eee 
11. ®@ 12T pv 12T gv VT9 


® 


There is one remaining open branch, and it is complete. From 
it we define the model with worlds W = {1,1.1,1.2} (the only 
prefixes appearing on the open branch), the accessibility relation 
R = {(1,1.1), (1,1.2)}, and the assignment V(p) = {1.2} (because 
line 11 contains 1.2T p) and V(q) = {1.1} (because line 10 con- 
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Qi @: 
4 | 
O- 


Figure 6.7: A countermodel to O(p V g) > (Up V O89). 


tains 1.1T q). The model is pictured in Figure 6.1, and you can 
verify that it is a countermodel to O(p V g) > (Op V O89). 


Problems 


Problem 6.1. Find closed tableaux in K for the following formu- 
las: 


1. Onp > O(p > 4) 

2. (Op VO9) > Off V 9) 

3. OP > O(PV 9) 

4. U(p Ag) > Op 
Problem 6.2. Complete the proof of Theorem 6.0. 
Problem 6.3. Give closed tableaux that show the following: 

1. KT5+ B; 

2. KT5+ 4; 

3. KDB4+ T; 

4. KB4+ 5; 

5. KBS+ 4; 
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6. KT + D. 
Problem 6.4. 
Problem 6.5. 
Problem 6.6. 
Problem 6.7. 
Problem 6.8. 


Problem 6.9. 


Complete the proof of Proposition 6.10 
Complete the proof of Proposition 6.11 
Complete the proof of Proposition 6.12 
Complete the proof of Proposition 6.13 
Complete the proof of Proposition 6.14 


Complete the proof of ‘Theorem 6.19. 
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PART Il 


Intuitionistic 
Logic 


CHAPTER 7 


Introduction 


7.1 Constructive Reasoning 


In contrast to extensions of classical logic by modal operators or 
second-order quantifiers, intuitionistic logic is “non-classical” in 
that it restricts classical logic. Classical logic is non-constructive in 
various ways. Intuitionistic logic is intended to capture a more 
“constructive” kind of reasoning characteristic of a kind of con- 
structive mathematics. The following examples may serve to il- 
lustrate some of the underlying motivations. 

Suppose someone claimed that they had determined a natu- 
ral number n with the property that if m is even, the Riemann 
hypothesis is true, and if n is odd, the Riemann hypothesis is 
false. Great news! Whether the Riemann hypothesis is true or 
not is one of the big open questions of mathematics, and they 
seem to have reduced the problem to one of calculation, that is, 
to the determination of whether a specific number is even or not. 

What is the magic value of n? They describe it as follows: n is 
the natural number that is equal to 2 if the Riemann hypothesis 
is true, and 3 otherwise. 

Angrily, you demand your money back. From a classical point 
of view, the description above does in fact determine a unique 
value of n; but what you really want is a value of n that is given 
explicitly. 

To take another, perhaps less contrived example, consider 
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the following question. We know that it is possible to raise an 
irrational number to a rational power, and get a rational result. 


For example, v2” = 2. What is less clear is whether or not it is 
possible to raise an irrational number to an irrational power, and 
get a rational result. The following theorem answers this in the 
affirmative: 


Theorem 7.1. There are irrational numbers a and b such that a® is 
rational. 


v2 
Proof. Consider V2”. If this is rational, we are done: we can let 
a=b = V2. Otherwise, it is irrational. Then we have 


(v2)? = vo" = yo? <9, 
which is rational. So, in this case, let abe V2, and let b be V2.0 


Does this constitute a valid proof? Most mathematicians feel 
that it does. But again, there is something a little bit unsatisfying 
here: we have proved the existence of a pair of real numbers 
with a certain property, without being able to say which pair of 
numbers it is. It is possible to prove the same result, but in such 
a way that the pair a, b is given in the proof: take a = V3 and 
b = log, 4. Then 


ae 3834 = 3i/Plogs 4 — (glogs 41/2 — 41/2 - 9 


since 3!°83* = x, 

Intuitionistic logic is designed to capture a kind of reasoning 
where moves like the one in the first proof are disallowed. Proving 
the existence of an x satisfying A(x) means that you have to give a 
specific x, and a proof that it satisfies A, like in the second proof. 
Proving that A or B holds requires that you can prove one or the 
other. 

Formally speaking, intuitionistic logic is what you get if you 
restrict a derivation system for classical logic in a certain way. 
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From the mathematical point of view, these are just formal deduc- 
tive systems, but, as already noted, they are intended to capture 
a kind of mathematical reasoning. One can take this to be the 
kind of reasoning that is justified on a certain philosophical view 
of mathematics (such as Brouwer’s intuitionism); one can take it 
to be a kind of mathematical reasoning which is more “concrete” 
and satisfying (along the lines of Bishop’s constructivism); and 
one can argue about whether or not the formal description cap- 
tures the informal motivation. But whatever philosophical posi- 
tions we may hold, we can study intuitionistic logic as a formally 
presented logic; and for whatever reasons, many mathematical 
logicians find it interesting to do so. 


7.2 Syntax of Intuitionistic Logic 


The syntax of intuitionistic logic is the same as that for proposi- 
tional logic. In classical propositional logic it is possible to define 
connectives by others, e.g., one can define A — B by 7A V B, or 
AV B by =(=AA-B). Thus, presentations of classical logic often 
introduce some connectives as abbreviations for these definitions. 
This is not so in intuitionistic logic, with two exceptions: =A can 
be—and often is—defined as an abbreviation for A— L. Then, of 
course, | must not itself be defined! Also, A<> B can be defined, 
as in classical logic, as (A — B) A (B= A). 

Formulas of propositional intuitionistic logic are built up from 
propositional variables and the propositional constant using log- 
ical connectives. We have: 


1. A countably infinite set Ato of propositional variables po, 
Pl, --- 


2. The propositional constant for falsity L. 


3. The logical connectives: A (conjunction), V (disjunction), 
— (conditional) 


4. Punctuation marks: (, ), and the comma. 
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Definition 7.2 (Formula). The set Frm(Y%o) of formulas of 
propositional intuitionistic logic is defined inductively as follows: 


1. Lis an atomic formula. 

2. Every propositional variable p; is an atomic formula. 

3. If A and B are formulas, then (A A B) is a formula. 

4. If A and B are formulas, then (A V B) is a formula. 

5. If A and B are formulas, then (A — B) is a formula. 

6. Nothing else is a formula. 

In addition to the primitive connectives introduced above, we 
also use the following defined symbols: = (negation) and < (bi- 


conditional). Formulas constructed using the defined operators 
are to be understood as follows: 


1. 7A abbreviates A — L. 
2. A B abbreviates (A > B) A(B- A). 


Although - is officially treated as an abbreviation, we will 
sometimes give explicit rules and clauses in definitions for = as 
if it were primitive. This is mostly so we can state practice prob- 
lems. 


7.3 The Brouwer-Heyting-Kolmogorov 
Interpretation 


There is an informal constructive interpretation of the intuitionist 
connectives, usually known as the Brouwer-Heyting-Kolmogorov 
interpretation. It uses the notion of a “construction,” which you 
may think of as a constructive proof. (We don’t use “proof” in 
the BHK interpretation so as not to get confused with the notion 
of a derivation in a formal derivation system.) Based on this 
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intuitive notion, the BHK interpretation explains the meanings 
of the intuitionistic connectives. 


1. We assume that we know what constitutes a construction 
of an atomic statement. 


2. A construction of A; A Ag is a pair (M1, M2) where M; is a 
construction of A, and Mp is a construction of Ag. 


3. A construction of A; V Ag is a pair (s,M) where s is 1 and 
M isa construction of Aj, or s is 2 and M is a construction 
of Ao. 


4. A construction of A > B is a function that converts a con- 
struction of A into a construction of B. 


5. There is no construction for 1 (absurdity). 


6. =A is defined as synonym for AL. That is, a construction 
of =A is a function converting a construction of A into a 
construction of L. 


Example 7.3. Take =1 for example. A construction of it is a 
function which, given any construction of 1 as input, provides a 
construction of 1 as output. Obviously, the identity function Id 
is such a construction: given a construction M of 1, Id(M/) = M 
yields a construction of L. 


Generally speaking, =A means “A construction of A is impos- 
sible”. 


Example 7.4. Let us prove A — ——A for any proposition A, 
which is A — ((A > L) > L). The construction should be a 
function f that, given a construction M of A, returns a construc- 
tion f(M) of (A > 1) > L. Here is how f constructs the con- 
struction of (A — ) — L: We have to define a function g which, 
when given a construction 4 of A — 1 as input, outputs a con- 
struction of 1. We can define g as follows: apply the input / 
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to the construction M of A (that we received earlier). Since the 
output A(M) of A is a construction of 1, f(M)(A) = h(M) is a 
construction of 1 if M is a construction of A. 


Example 7.5. Let us give a construction for =(AA-A), i.e., (AA 
(A— 1)) ~ L. This is a function f which, given as input a 
construction M of A A (A — 1), yields a construction of 1. A 
construction of a conjunction By A By is a pair (N;, No) where Ny, 
is a construction of By and N, is a construction of By. We can 
define functions f; and f2 which recover from a construction of 
B, A Bo the constructions of B, and Bo, respectively: 


fpi((M1,No)) = M 
p2o((M1,.No)) = No 


Here is what f does: First it applies p) to its input M@. That yields 
a construction of A. Then it applies po to M, yielding a construc- 
tion of A — . Such a construction, in turn, is a function po(M) 
which, if given as input a construction of A, yields a construc- 
tion of .. In other words, if we apply fo() to pi (M), we get a 
construction of L. Thus, we can define f(M) = pfo(M)(p1(/)). 


Example 7.6. Let us give a construction of ((A A B) — C) > 
(A— (B—> C)), ie., a function f which turns a construction g 
of (A A B) > C into a construction of (A — (B > C)). The 
construction g is itself a function (from constructions of A A B 
to constructions of C). And the output f(g) is a function h, 
from constructions of A to functions from constructions of B to 
constructions of C’. 

Ok, this is confusing. We have to construct a certain function 
hg, which will be the output of f for input g. The input of A, is 
a construction M of A. The output of 4,(M) should be a func- 
tion ky from constructions N of B to constructions of C. Let 
kem(N) = g({M,N)). Remember that (M,N) is a construction 
of AA B. So k,.y is a construction of B — C: it maps construc- 
tions N of B to constructions of C’. Now let A,(M) = k, y. That’s 
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a function that maps constructions M of A to constructions k, y 
of B > C. Now let f(g) = Ag. That’s a function that maps con- 
structions g of (A A B) — C to constructions of A — (B => C). 
Whew! 


The statement A V =A is called the Law of Excluded Mid- 
dle. We can prove it for some specific A (e.g., 1 V =L), but not 
in general. This is because the intuitionistic disjunction requires 
a construction of one of the disjuncts, but there are statements 
which currently can neither be proved nor refuted (say, Gold- 
bach’s conjecture). However, you can’t refute the law of excluded 
middle either: that is, =4(A V —A) holds. 


Example 7.7. To prove =-(A V —A), we need a function f that 
transforms a construction of =(AV—A), ie., of (AV(A— L)) > 1, 
into a construction of L. In other words, we need a function f 
such that f(g) is a construction of 1 if g is a construction of 
a(A Vv =A). 

Suppose g is a construction of =(A V =A), ie., a function that 
transforms a construction of A V =A into a construction of L. A 
construction of A V —A is a pair (s,M) where either s = 1 and 
M is a construction of A, or s = 2 and M is a construction of 
aA. Let hy; be the function mapping a construction M, of A toa 
construction of A V =A: it maps Mj, to (1,M»). And let hy be the 
function mapping a construction M, of =A to a construction of 
AV —A: it maps My to (2, Mo). 

Let k be g of: it is a function which, if given a construction 
of A, returns a construction of L, i.e., it is a construction of A > 
1 or =A. Now let / be go fg. It is a function which, given a 
construction of =A, provides a construction of 1. Since k is a 
construction of =A, /(k) is a construction of L. 

Together, what we’ve done is describe how we can turn a con- 
struction g of =(AV-—A) into a construction of -L, i.e., the function 
f mapping a construction g of =(AV-—A) to the construction /(k) 
of 1 is a construction of =7=(A Vv —A). 
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As you can see, using the BHK interpretation to show the 
intuitionistic validity of formulas quickly becomes cumbersome 
and confusing. Luckily, there are better derivation systems for 
intuitionistic logic, and more precise semantic interpretations. 


7.4 Natural Deduction 


Natural deduction without the Lc¢ rules is a standard derivation 
system for intuitionistic logic. We repeat the rules here and indi- 
cate the motivation using the BHK interpretation. In each case, 
we can think of a rule which allows us to conclude that if the 
premises have constructions, so does the conclusion. 

Since natural deduction derivations have undischarged as- 
sumptions, we should consider such a derivation, say, of A from 
undischarged assumptions J’, as a function that turns construc- 
tions of all B € I into a construction of A. If there is a derivation 
of A from no undischarged assumptions, then there is a construc- 
tion of A in the sense of the BHK interpretation. For the purpose 
of the discussion, however, we’ll suppress the [’ when not needed. 

An assumption A by itself is a derivation of A from the undis- 
charged assumption A. This agrees with the BHK-interpretation: 
the identity function on constructions turns any construction of A 
into a construction of A. 


Conjunction 
A 
A B 
——— AlIntro 
ANB AAB 
~ Be AElim 


Suppose we have constructions Nj, Nj of A; and Ag, respec- 
tively. Then we also have a construction A; A Ag, namely the pair 
(N1,.N2). 
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A construction of A; A A; on the BHK interpretation is a pair 
(Ni,.N2). So assume we have such a pair. Then we also have a 
construction of each conjunct: Nj; is a construction of A; and No 
is a construction of Ao. 


Conditional 
[A] 
A-—B A F 
3 B —>Elim 
u he —Intro 


If we have a derivation of B from undischarged assumption A, 
then there is a function f that turns constructions of A into con- 
structions of B. That same function is a construction of A —> B. 
So, if the premise of —Intro has a construction conditional on a 
construction of A, the conclusion A — B has a construction. 

On the other hand, suppose there are constructions N of A 
and f of A— B. A construction of A— B is a function that turns 
constructions of A into constructions of B. So, f(N) is a con- 
struction of B, i.e., the conclusion of Elim has a construction. 


Disjunction 
4 [ay [By" 
AvVB VIntro 
= VIntr AVB C C 
AVB ° n a VElim 


If we have a construction N; of A; we can turn it into a con- 
struction (i, N;) of A; V Ag. On the other hand, suppose we have a 
construction of Aj V Ag, ie., a pair (i, N;) where N; is a construc- 
tion of A;, and also functions f{, fo, which turn constructions of 
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Aj, Ag, respectively, into constructions of C. Then /f;(N;) is a 
construction of C, the conclusion of VElim. 


Absurdity 


ak 
= ly 
A 


If we have a derivation of 1 from undischarged assump- 
tions By, ..., Bn, then there is a function f(M4,...,M,) that turns 
constructions of B, ..., B, into a construction of L. Since L has 
no construction, there cannot be any constructions of all of By, 
..., B, either. Hence, f also has the property that if Mq,..., Mn 
are constructions of B,, ..., By, respectively, then f(Mq,...,Mn) 
is a construction of A. 


Rules for = 


Since —A is defined as A — LL, we strictly speaking do not need 
rules for —. But if we did, this is what theyd look like: 


[4]" 


n =Intro 


all: 
aA 
Examples of Derivations 


1.+} A> (AA 1), ie., + A— ((A > L) > 1) 
Aj? A>]! 
ae LAP 
_ Gor om 
A> (A> LPL 


— Intro 


2.+((AAB) > C)> (A> (B- C)) 
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[A]? [By 


(AA B) > C]? FUG ei ae 


Elim 


C 
2 Bac sslendS Beare 
A> (BC) 


° ((AA B)->C)> (A> (B->C)) — Intro 


3. EA(AA AA), ie, (AA (A> L)) OL 


- 1 = 1 
ANA “| aie ANE L)] 


1 alg 
(AA (A> 1L)) OL 


AElim 


— Elim 
— Intro 


4. Fan(AV AA), ie, (AV (A> 1L)) OL) L 


(AVES aPy Avasw 
L — Elim 
aor ee — Intro 
ee Ey ale 
[((Av (A> 1)) > 1)? Av (A> 1) 
— Elim 


ue 


(avs yspsr ne 


Proposition 7.8. fT + A in intuitionistic logic, [ + A in classical 
logic. In particular, if A is an intuitionistic theorem, it is also a classical 
theorem. 


Proof. Every natural deduction rule is also a rule in classical nat- 
ural deduction, so every derivation in intuitionistic logic is also 
a derivation in classical logic. Oo 


7.5 Axiomatic Derivations 


Axiomatic derivations for intuitionistic propositional logic are 
the conceptually simplest, and historically first, derivation sys- 
tems. They work just as in classical propositional logic. 


CHAPTER 7. INTRODUCTION 127 


Definition 7.9 (Derivability). If [is a set of formulas of & 
then a derivation from I is a finite sequence Aj, ..., A, of formulas 
where for each i < n one of the following holds: 


1. A; € I; or 
2. A; is an axiom; or 


3. A; follows from some A; and A; with j < i and k < i by 
modus ponens, i.e., Az = A; — Aj. 


Definition 7.10 (Axioms). The set of Axo of axioms for the in- 
tuitionistic propositional logic are all formulas of the following 


forms: 
(AA B)—- A (7.1) 
(AA B)->B (7.2) 
A> (B-(AAB)) (7.3) 
A—(AVB) (7.4) 
A— (BV A) (7.5) 
(A> C) > ((B> C) > (AV B) > C)) (7.6) 
A— (B—- A) (7.7) 
(A> (B>C)) —> (A> B) > (A C)) (7.8) 
LoA (7.9) 


Definition 7.11 (Derivability). A formula A is derivable from 
I’, written [+ A, if there is a derivation from I ending in A. 


Definition 7.12 (Theorems). A formula A is a theorem if there 
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is a derivation of A from the empty set. We write + A if A is a 
theorem and ¥ A if it is not. 


Proposition 7.13. [f[' + A in intuitionistic logic, [ + A in classical 
logic. In particular, if A is an intuitionistic theorem, it is also a classical 
theorem. 


Proof. Every intuitionistic axiom is also a classical axiom, so ev- 
ery derivation in intuitionistic logic is also a derivation in classi- 
cal logic. q 


Problems 


Problem 7.1. Give derivations in intuitionistic logic of the fol- 
lowing formulas: 


1. (AAV B) > (A> B) 

2, 245A -7A 

3. a7(A A B) & (274 A 7B) 
4. (AV B) & (AAA -B) 

5. (AAV AB) > 7(AA B) 


6. a7(A A B) > (=74 V 7B) 


CHAPTER 8 


Semantics 


8.1 Introduction 


No logic is satisfactorily described without a semantics, and in- 
tuitionistic logic is no exception. Whereas for classical logic, the 
semantics based on valuations is canonical, there are several com- 
peting semantics for intuitionistic logic. None of them are com- 
pletely satisfactory in the sense that they give an intuitionistically 
acceptable account of the meanings of the connectives. 

The semantics based on relational models, similar to the se- 
mantics for modal logics, is perhaps the most popular one. In 
this semantics, propositional variables are assigned to worlds, 
and these worlds are related by an accessibility relation. That re- 
lation is always a partial order, i.e., it is reflexive, antisymmetric, 
and transitive. 

Intuitively, you might think of these worlds as states of knowl- 
edge or “evidentiary situations.” A state w’ is accessible from w 
iff, for all we know, w’ is a possible (future) state of knowledge, 
i.e., one that is compatible with what’s known at w. Once a propo- 
sition is known, it can’t become un-known, i.e., whenever A is 
known at w and Rww’, A is known at w’ as well. So “knowledge” 
is monotonic with respect to the accessibility relation. 

If we define “A is known” as in epistemic logic as “true in all 
epistemic alternatives,” then AA B is known at w if in all epistemic 
alternatives, both A and B are known. But since knowledge is 
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monotonic and R is reflexive, that means that A A B is known 
at w iff A and B are known at w. For the same reason, A V B 
is known at w iff at least one of them is known. So for A and 
V, the truth conditions of the connectives coincide with those in 
classical logic. 

The truth conditions for the conditional, however, differ from 
classical logic. A — B is known at w iff at no w’ with Rww’, A is 
known without B also being known. This is not the same as the 
condition that A is unknown or B is known at w. For if we know 
neither A nor B at w, there might be a future epistemic state w’ 
with Rww’ such that at w’, A is known without also coming to 
know B. 

We know —A only if there is no possible future epistemic state 
in which we know A. Here the idea is that if A were knowable, 
then in some possible future epistemic state A becomes known. 
Since we can’t know , in that future epistemic state, we would 
know A but not know LL. 

On this interpretation the principle of excluded middle fails. 
For there are some A which we don’t yet know, but which we 
might come to know. For such a formula A, both A and =A are 
unknown, so A V —=A is not known. But we do know, e.g., that 
=(A A -—A). For no future state in which we know both A and =A 
is possible, and we know this independently of whether or not we 
know A or 7A. 

Relational models are not the only available semantics for 
intuitionistic logic. The topological semantics is another: here 
propositions are interpreted as open sets in a topological space, 
and the connectives are interpreted as operations on these sets 
(e.g., A corresponds to intersection). 


8.2 Relational models 


In order to give a precise semantics for intuitionistic proposi- 
tional logic, we have to give a definition of what counts as a model 
relative to which we can evaluate formulas. On the basis of such 
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a definition it is then also possible to define semantics notions 
such as validity and entailment. One such semantics is given by 
relational models. 


Definition 8.1. A relational model for intuitionistic proposi- 
tional logic is a triple M = (W,R,V), where 


1. 


2. 


W is a non-empty set, 


R is a partial order (i.e., a reflexive, antisymmetric, and 
transitive binary relation) on W, and 


. V is a function assigning to each propositional variable p 


a subset of W, such that 


. V is monotone with respect to R, ie., if w ¢€ V(p) and 


Rww’, then w’ € V(p). 


Definition 8.2. We define the notion of A being true at w in M, 
M,w + A, inductively as follows: 


1. 


Dn oO 


A=p: M,wt A iff w ¢V(p). 


.-A=L: not M,wt A. 

. A=AB: M,w t A iff for no w’ such that Rww’, M,w’ t B. 
-A=BAC: M,wtA iff M,wt Band M,wt C. 
-A=BVC: M,wt A iff M,w + Bor M,w t C (or both). 


.A=B-C: M,w t A iff for every w’ such that Rww’, not 


M,w’ + B or M,w’ t C (or both). 


We write M,w #« A if not M,w t A. If I is a set of formulas, 
M,wtTI means M,wt B forall BeT. 
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Proposition 8.3. Truth at worlds is monotonic with respect to R, i.e., 
ifM,w t A and Rww'’, then M,w' t A. 


Proof. Exercise. Oo 


8.3 Semantic Notions 


Definition 8.4. We say A is true in the model M = (W,R,V), M tt 
A, iff M,w t A for all w € W. A is valid, © A, iff it is true in all 
models. We say a set of formulas I entails A, I + A, iff for every 
model M and every w such that M,w + , M,w tt A. 


Proposition 8.5. 1. IfM,wt I andI & A, then M,w t A. 


2. IfMt I andl & A, thenM t A. 


Proof. 1. Suppose M t I. Since I & A, we know that if M,w tt 
I, then M,w t A. Since M,u t+ I for all every u € W, 
M,wtTI. Hence M,w t A. 


2. Follows immediately from (1). oO 


Definition 8.6. Suppose M is a relational model and w € W. 
The restriction My = (Wy, Rw,Vw) of M to w is given by: 


Wy ={uEeW: Rwu}, 
wi=Rn (Ww)?, and 
Vw (p) = V (p) NW. 


Proposition 8.7. M,w t A iffMy I A. 
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Proposition 8.8. Suppose for every model M such thatMt IT, Mt 
A. Then I & A. 


Proof. Suppose that M,w t I’. By the Proposition 8.7 applied 
to every B ¢ I’, we have M, t I’. By the assumption, we have 
M, ' A. By Proposition 8.7 again, we get M,w tr A. o 


8.4 Topological Semantics 


Another way to provide a semantics for intuitionistic logic is us- 
ing the mathematical concept of a topology. 


Definition 8.9. Let X bea set. A topology on X isa set © C 9(X) 
that satisfies the properties below. The elements of © are called 
the open sets of the topology. The set X together with © is called 
a topological space. 


1. The empty set and the entire space are open: 0, X € 6. 


2. Open sets are closed under finite intersections: if U, V € © 
then UNV € 6 


3. Open sets are closed under arbitrary unions: if U; € © for 
alli e J, then U{U; :ie I} €6. 


We may write X for a topology if the collection of open sets 
can be inferred from the context; note that, still, only after X is 
endowed with open sets can it be called a topology. 


Definition 8.10. A topological model of intuitionistic proposi- 
tional logic is a triple X = (X,0,V) where © is a topology on X 
and V is a function assigning an open set in © to each proposi- 
tional variable. 

Given a topological model X, we can define [ A] x inductively 
as follows: 
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1. [L]x =90 

- [p)x = V(p) 

3- [AA B]x = [Alx 9 [TB] x 
4. [AV B]x = [A] x U [B] x 


5. [A> B]x = Int((X \ [A] x) U [BI] x) 


bo 


Here, Int(V) is the function that maps a set V C X to its interior, 
that is, the union of all open sets it contains. In other words, 


Int(V) =|_J{U:U CV and U € 6}. 


Note that the interior of any set is always open, since it is a 
union of open sets. Thus, [A]x is always an open set. 

Although topological semantics is highly abstract, there are 
ways to think about it that might motivate it. Suppose that the 
elements, or “points,” of X are points at which statements can be 
evaluated. The set of all points where A is true is the proposition 
expressed by A. Not every set of points is a potential proposition; 
only the elements of © are. At B iff B is true at every point at 
which A is true, ie., [A]x © [B]x, for all X. The absurd state- 
ment 1 is never true, so [1], = 0. How must the propositions 
expressed by BAC, BV C, and B — C be related to those ex- 
pressed by B and C for the intuitionistically valid laws to hold, 
i.e., so that A+ B iff [A]x c [B]x. 1+ A for any A, and only 
0 CU for all U. Since BAC + B, [BA C]x © [B]x, and sim- 
ilarly [B A C]x © [C]x. The largest set satisfying W C U and 
W CVisUNV. Conversely, B+ BV C and C+ BV C, and so 
[B]x © [BV C]x and [C]x ¢ [BV C]x. The smallest set W 
such that U CW and V CW is U UV. The definition for — is 
tricky: A — B expresses the weakest proposition that, combined 
with A, entails B. That A— B combined with A entails B is clear 
from (A > B) AAt B. So [A— B]x should be the greatest open 
set such that [A— B]xN[A]x Cc [B]x, leading to our definition. 


CHAPTER 8. SEMANTICS 135 


Problems 


Problem 8.1. Show that according to Definition 8.2, M,w =A 
iff M,w tt A- LL. 


Problem 8.2. Prove Proposition 8.3. 


Problem 8.3. Prove Proposition 8.7. 


CHAPTER 9 


Soundness and 
Completeness 


g.1 Soundness of Axiomatic Derivations 


Theorem 9.1 (Soundness). /fI' + A, thenI & A. 


Proof. We prove that if [ + A, then [ & A. The proof is by 
induction on the number 2 of formulas in the derivation of A 
from I’. We show that if Ai, ..., A, = A is a derivation from I, 
then + A,. Note that if Aj, ..., A, is a derivation, so is Aj,..., 
A;, for any k < n. 

There are no derivations of length 0, so for n = 0 the claim 
holds vacuously. So the claim holds for all derivations of length < 
n. We distinguish cases according to the justification of Ap. 


1. A, is an axiom. All axioms are valid, so [+ A, for any I. 


2. A, € I. Then for any M and w, if M,w t I, obviously 
Mt IA,[w], ie., Fe A. 


3. An follows by mp from A; and A; = A; > An. Aj, ..., Ai 
and Aj, ..., A; are derivations from I’, so by inductive 
hypothesis, 7 + A; and [+ A; > Ap. 
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Suppose M,w t I. Since M,w + IT and I’ + A; — Ap, 
M,w t A; — A,. By definition, this means that for all w’ 
such that Rww’, if M,w’ t A; then M,w’ t A,. Since R is 
reflexive, w is among the w’ such that Rww’, i.e., we have 
that if M,w t A; then M,w t A,. Since I + A;, M,w tt Aj. 
So, M,w t+ A,, as we wanted to show. oO 


g.2 Soundness of Natural Deduction 


We will now prove soundness of natural deduction with regards 
to the relational semantics, that is, showing that if a formula is 
derivable from a set of assumptions then the set of assumptions 
entails the formula. 


Theorem 9.2 (Soundness). /fI' + A, thenI & A. 


Proof. We prove that if [ + A, then [ & A. The proof is by 
induction on the derivation of A from I. 


1. If the derivation consists of just the assumption A, we have 
At A, and want to show that AF A. Suppose that M,w |r A. 
Then trivially M,w t A. 


2. The derivation ends in AIntro: Exercise. 
3. The derivation ends in AElim: Exercise. 


4. The derivation ends in VIntro: Suppose the premise is B, 
and the undischarged assumptions of the derivation end- 
ing in B are [. Then we have J + B and by inductive 
hypothesis, [ + B. We have to show that [+ BV C. Sup- 
pose M,w t I. Since + B, M,w t B. But then also 
M,w t BY C. Similarly, if the premise is C, we have that 
rec. 
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5. The derivation ends in VElim: The derivations ending in 
the premises are of BV C from undischarged assumptions I’, 
of D from undischarged assumptions 4; U {B}, and of D 
from undischarged assumptions 4 U {C’}. So we have I + 
BV C, 4, U{B} + D, and 49 U {C} + D. By induction 
hypothesis, 2 + BV C, 4; U{B} & D, and 4,U{C} & D. We 
have to prove that [ U 4 U 49 F D. 


Suppose M,w tt [UA,U 49. Then M,w t I and since [ 
BVC,M,w t BY C. By definition of M t, either M,w t B 
or M,w t+ C. So we distinguish cases: (a) M + B[w]. Then 
M,w t 4, U {B}. Since 4; UB F D, we have M,w t D. 
(b) M,w t C. Then M,w t 49g U{C}. Since 42 UC & D, we 
have M,w t+ D. So in either case, M,w tt D, as we wanted 
to show. 


6. The derivation ends with —Intro concluding B— C. Then 
the premise is C, and the derivation ending in the premise 
has undischarged assumptions J’ U {B}. So we have that 
I U{B}+ C, and by induction hypothesis that [U{B} § C. 
We have to show that + BC. 


Suppose M,w t I. We want to show that for all w’ such 
that Rww’, if M,w’ + B, then M,w’ t C. So assume that 
Rww' and M,w’ t B. By Proposition 8.3, M,w’ t I. Since 
I U{B} & C, M,w’ tt C, which is what we wanted to show. 


7. The derivation ends in —Elim and conclusion C. The 
premises are B — C and B, with derivations from undis- 
charged assumptions [, 4. So we have [+ B—C and 
At B. By inductive hypothesis, [ + B > C and 4+ B. We 
have to show that [UAr C. 


Suppose M,wt UA. Since M,wt Tandr +t BOC, 
M,w t+ B—C. By definition, this means that for all w’ 
such that Rww’, if M,w’ + B then M,w’ t C. Since R is 
reflexive, w is among the w’ such that Rww’, i.e., we have 
that if M,w t B then M,wt C. Since M,w tt A and Ae B, 
M,w t B. So, M,w t C, as we wanted to show. 
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8. The derivation ends in 17, concluding A. The premise is 
1 and the undischarged assumptions of the derivation of 
the premise are 7. Then J+ 1. By inductive hypothesis, 
I’ t 1. We have to show IF A. 


We proceed indirectly. If [ ¥ A there is a model M and 
world w such that M,w t+ TF and M,w # A. Since I & 1, 
M,w t L. But that’s impossible, since by definition, M,w # 
1. Sole. 


g. The derivation ends in —Intro: Exercise. 


10. The derivation ends in -Elim: Exercise. oO 


9-3 Lindenbaum’s Lemma 


The completeness theorem for intuitionistic logic is proved by 
assuming J ¥ A and constructing a model M+ IT and M ¥ A. 

In classical logic the relation of derivability can be reduced 
to the notion of consistency since a formula A is derivable from 
a set of formulas iff the set together with the negation of A is 
inconsistent. This is not possible in intuitionistic logic. In in- 
tuitionistic logic, if —A is inconsistent, we only get that + =-/. 
Since ==A — A does not hold intuitionistically in general, we 
cannot conclude that + A. 

Thus, when constructing the model M, we will need to keep 
track of the non-derivability of the formula A and thus we will 
not be able to use a complete set J“ 3 I to build the model M, 
as in every complete set J“, we have [* + AV 7A. 

Instead of using a complete set J“, we will us the notion of a 
prime set of formulas: 


Definition 9.3. A set of formulas I is prime iff 


1. I is consistent, i.e., [ ¥ 1; 
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2. if + Athen Ae J; and 


3. if AVBelTthenAcTlorBeTl. 


Lemma 9.4 (Lindenbaum’s Lemma). /fI ¥ A, there isa I* 2 
I’ such that I* is prime and I™ ¥ A. 


Proof. Let By V Cy, By V Co, ..., be an enumeration of all formulas 
of the form BV C. We'll define an increasing sequence of sets of 
formulas I’,, where each /,,; is defined as I’, together with one 
new formula. /* will be the union of all ,. The new formulas 
are selected so as to ensure that J“ is prime and still [* ¥ A. This 
means that at each step we should find the first disjunction B; V C; 
such that: 


1. Ty, + BV CG; 
2. B; € Ty, and C; ¢Iy 


We add to I, either B; if I, U {B;} ¥ A, or C; otherwise. We'll 
have to show that this works. For now, let’s define i(z) as the 
least 7 such that (1) and (2) hold. 

Define J) = J and 


ae In, U{Cin)} otherwise 


If i(m) is undefined, i.e., whenever J, + BV C, either B € I, or 
C € Ty, we let Pns1 = In. Now let F* = UP Tn 

First we show that for all n, I, ¥ A. We proceed by induction 
on n. For n = 0 the claim holds by the hypothesis of the theorem, 
ie.,  ¥ A. If n > 0, we have to show that if I, ¥ A then °,,; ¥ A. 
If i(n) is undefined, [41 = [, and there is nothing to prove. So 
suppose i(7) is defined. For simplicity, let i = i(n). 

We'll prove the contrapositive of the claim. Suppose [41 + 
A. By construction, In41 = In U {Bj} if Im U {Bi} ¥ A, or else 
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Invi = In U{CG;}. It clearly can’t be the first, since then [7,41 ¥ A. 
Hence, [;, U {B;} + A and In41 = I U {C;}. By definition of i(n), 
we have that IT, + B; V C;. We have I, U {B;} + A. We also have 
Ina = I, U {C;} + A. Hence, I, + A, which is what we wanted to 
show. 

If [* + A, there would be some finite subset 1’ C I* such 
that ’’ + A. Each D € I’ must be in J; for some i. Let n be the 
largest of these. Since 7; C I, if i <n, I’’ CT). But then I, + A, 
contrary to our proof above that I, ¥ A. 

Lastly, we show that [* is prime, i.e., satisfies conditions (1), 
(2), and (3) of Definition 9.3. 

First, [* ¥ A, so I’* is consistent, so (i) holds. 

We now show that if /* + BVC, then either B € [* or C € I. 
This proves (3), since if B VC ¢€ I* then also 7* + BV C. So 
assume J/* + BVC but B¢é I* and C ¢I*. Since * + BV C, 
I, + BY C for some n. B V C appears on the enumeration of all 
disjunctions, say, as B; VC;. B; V C; satisfies the properties in the 
definition of i(m), namely we have [;, + B; V Cj, while B; ¢ Ty, 
and C; ¢ I,. At each stage, at least one fewer disjunction B; V C; 
satisfies the conditions (since at each stage we add either B; or 
C;), so at some stage m we will have j = i(m). But then either 
B€ In41 or C € In41, contrary to the assumption that B ¢ I™ 
andC ¢I™. 

Now suppose J/* + B. Then J* + BV B. But we’ve just 
proved that if /* + BV B then B € I*. Hence, I™ satisfies (2) 
of Definition 9.3. Oo 


9.4 The Canonical Model 


The worlds in our model will be finite sequences o of natural 
numbers, i.e., 7 € N*. Note that N” is inductively defined by: 


1. AEN*. 


2. Ifo € N* andn EN, then o.n € N* (where o.n is 0 — (n) 
and 0 — a’ is the concatenation if 0 and a’). 
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3. Nothing else is in N*. 


So we can use N* to give inductive definitions. 

Let (B1,Ci), (Bo,Co), ..., be an enumeration of all pairs of 
formulas. Given a set of formulas 4, define 4(c~) by induction as 
follows: 


1. A(A) =A 
2. A(o.n) = 


(A(o) U{Bn})* if A(o) U{ Br} ¥ Ch 
A(o) otherwise 


Here by (4(a) U {B,})* we mean the prime set of formulas which 
exists by Lemma 9.4 applied to the set A(o~) U {B,} and the for- 
mula C,,. Note that by this definition, if 4(7) U {B,} ¥ Cy, then 
A(o.n) + B, and A(o.n) ¥ C,. Note also that A(a7) € A(o.n) for 
any n. If 4 is prime, then A() is prime for all o. 


Definition 9.5. Suppose 4 is prime. Then the canonical model 
M(A) for 4 is defined by: 


1. W =N’, the set of finite sequences of natural numbers. 


2. R is the partial order according to which Roo’ iff o is 
an initial segment of o’ (ie, o’ = o — o” for some se- 
quence o”’). 


3. Vip) ={o: p € A(o)}. 
It is easy to verify that R is indeed a partial order. Also, the 


monotonicity condition on V is satisfied. Since 4(7) € A(o.n) 
we get 4(7) C A(o’) whenever Roo’ by induction on o. 


9.5 The Truth Lemma 
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Lemma 9.6. [fA is prime, then M(A),0 + A iff A(o) + A. 
Proof. By induction on A. 


1. A= 1: Since 4(c) is prime, it is consistent, so 4(o) ¥ A. 
By definition, M(4),o # A. 


2. A= p: By definition of +, M(A),o t A iff o € V(p), ie., 
A(o) FA, 


3. A=-B: exercise. 


4. A= BAC: M(4),c t A iff M(A),o + Band M(A),o FC. 
By induction hypothesis, M(4),o + B iff 4(o) + B, and 
similarly for C. But 4(o7) + Band A(o) + C iff A(o) + A. 


5 A=BVC: M(A),c + A iff M(A),0 + Bor M(A),o FC. 
By induction hypothesis, this holds iff A(a7) + B or A(~) + 
C. We have to show that this in turn holds iff A4(a) + A. 
The left-to-right direction is clear. The right-to-left direction 
follows since 4(c) is prime. 


6. A=B—C: First the contrapositive of the left-to-right di- 
rection: Assume 4(o7) FX BC. Then also A(a) U{B} ¥ C. 
Since (B,C) is (By,C,) for some n, we have A(o.n) = 
(A(o) U {B})*, and A(o.n) + B but A(o.n) ¥ C. By in- 
ductive hypothesis, M(A4),o.n t+ B and M(A),o.n # C. 
Since Ro(c.n), this means that M(A),o # A. 


Now assume A(o) + B— C, and let Roa’. Since A(o) C 
A(o’), we have: if A(o’) + B, then A(o’) + C. In other 
words, for every a’ such that Roo’, either A(o’) ¥ B or 
A(o’) + C. By induction hypothesis, this means that when- 
ever Roo’, either M(/4),o’ * B or M(A4),o’ t+ C, ie, 
M(A),o It A. Oo 
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9.6 The Completeness Theorem 


Theorem 9.7. [f[' § A thenI'+ A. 


Proof. We prove the contrapositive: Suppose [ ¥ A. Then by 
Lemma 9.4, there is a prime set /* > I such that [* ¥ A. Con- 
sider the canonical model M(/“*) for I’* as defined in Defini- 
tion 9.5. For any Be I, I* + B. Note that (A) = I”. By the 
Truth Lemma (Lemma 9.6), we have M(J™),A t B for all Be T 
and M(I“*),A # A. This shows that I’ ¥ A. Oo 


9-7. Decidability 


Observe that the proof of the completeness theorem gives us for 
every I’ ¥ Aa model with an infinite number of worlds witnessing 
the fact that [ ¥ A. The following proposition shows that to prove 
t A it is enough to prove that M t A for all finite models (i.e., 
models with a finite set of worlds). 


Theorem 9.8. [f# A then there is a finite model M’ # A. 


Proof. Assume M = (W,R,V) is such that M # A and P 
is the set of propositional variables occurring in A. Define 
M’ = (W’,R’,V’) by letting W’ = {[w] : w € W} where 
[w] = {p ¢ P: w € V(p)}, R’ be the subset relation, and 
V’(p) = {[w] : p € [w]}. It should be clear that W’ is a finite set 
and that M’ is a relational model. 

It can be shown, by induction on A, that 


M,w t A iff M’,[w] + A 


for all formulas A with only propositional variables from P. This 
is left as an exercise for the reader. Oo 


From Theorem 9.8 it follows that there is an algorithm to 
decide whether F A. 
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Problems 


Problem 9.1. Complete the proof of Theorem 9.2. For the cases 
for sIntro and Elim, use the definition of M,w 7A in Defini- 
tion 8.2, ie., don’t treat —A as defined by A — LL. 


Problem 9.2. Show that the following formulas are not derivable 
in intuitionistic logic: 


1. (A> B)V(B- A) 
2, (3x44 > A) > (AV =A) 
3. (AS BVC) > ((A>B)V(A>0C)) 


Problem 9.3. Show that if [ ¥ . then I is consistent in classical 
logic, i.e., there is a valuation making all formulas in I true. 


Problem 9.4. Show that if A only contains propositional vari- 
ables, V, and A, then # A. Use this to conclude that — is not 
definable in intuitionistic logic from V and A. 


Problem 9.5. By using the completeness theorem prove that if 
+t AV Bthent A ort B. (Hint: Assume M, * A and Mo ¥ B and 
construct a new model M such that M ¥ AV B.) 


Problem 9.6. Show that if M is a relational model using a linear 
order then M + (A> B) v (B— A). 


Problem 9.7. Finish the proof of Theorem 9.8 by showing that 
M,w t A iff M’,[w] t A for all formulas A with only proposi- 


tional variables from P. 


PART Ill 


Counter- 
factuals 


CHAPTER 10 


Introduction 


10.1 The Material Conditional 


In its simplest form in English, a conditional is a sentence of the 
form “If ...then ...,” where the ... are themselves sentences, 
such as “If the butler did it, then the gardener is innocent.” In 
introductory logic courses, we earn to symbolize conditionals us- 
ing the — connective: symbolize the parts indicated by ..., e.g., 
by formulas A and B, and the entire conditional is symbolized by 
AB. 

The connective — is truth-functional, i.e., the truth value—T 
or F—of A — B is determined by the truth values of A and B: 
A — B is true iff A is false or B is true, and false otherwise. 
Relative to a truth value assignment v, we define v - A — B iff 
v # Aorvt B. The connective — with this semantics is called 
the material conditional. 

This definition results in a number of elementary logical facts. 
First of all, the deduction theorem holds for the material condi- 
tional: 


Iff,Aet Bthenl r&b AB (10.1) 

It is truth-functional: A — B and —A Vv B are equivalent: 
A->BtnAAVB (10.2) 
AAVBEA->B (10.3) 
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A material conditional is entailed by its consequent and by the 
negation of its antecedent: 


BErA~B (10.4) 

AAFA—->B (10.5) 

A false material conditional is equivalent to the conjunction of its 
antecedent and the negation of its consequent: if A — B is false, 


AA —WB is true, and vice versa: 


=(A—> B)EAAAB (10.6) 
AA7BrE-7(A— B) (10.7) 


The material conditional supports modus ponens: 
AA—->BtB (10.8) 
The material conditional agglomerates: 
A> B,A->CFEA->(BAC) (10.9) 


We can always strengthen the antecedent, i.e., the conditional is 
monotonic: 


A->Br(AAC)>B (10.10) 
The material conditional is transitive, i.e., the chain rule is valid: 
A->B,BOoCrA->C (10.11) 

The material conditional is equivalent to its contrapositive: 


A-—>BtaAB--7A (10.12) 
AB—-7AArFA->B (10.13) 
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These are all useful and unproblematic inferences in mathe- 
matical reasoning. However, the philosophical and linguistic liter- 
ature is replete with purported counterexamples to the equivalent 
inferences in non-mathematical contexts. These suggest that the 
material conditional — is not—or at least not always—the ap- 
propriate connective to use when symbolizing English “if ...then 

.” statements. 


10.2 Paradoxes of the Material Conditional 


One of the first to criticize the use of A— B as a way to symbolize 
“if ...then ...” statements of English was C. I. Lewis. Lewis was 
criticizing the use of the material condition in Whitehead and 
Russell’s Principia Mathematica, who pronounced — as “implies.” 
Lewis rightly complained that if — meant “implies,” then any 
false proposition p implies that p implies ¢, since p — (p — q) is 
true if p is false, and that any true proposition g implies that p 
implies q, since g — (p — @) is true if q¢ is true. 

Logicians of course know that implication, i.e., logical entail- 
ment, is not a connective but a relation between formulas or state- 
ments. So we should just not read — as “implies” to avoid confu- 
sion.’ As long as we don’t, the particular worry that Lewis had 
simply does not arise: p does not “imply” q even if we think of 
p as standing for a false English sentence. To determine if p F ¢ 
we must consider all valuations, and p ¥ g even when we use p 
to symbolize a sentence which happens to be false. 

But there is still something odd about “if ...then...” state- 
ments such as Lewis’s 


If the moon is made of green cheese, then 2+ 2 = 4. 


and about the inferences 


+Reading “—” as “implies” is still widely practised by mathematicians and 
computer scientists, although philosophers try to avoid the confusions Lewis 
highlighted by pronouncing it as “only if.” 
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The moon is not made of green cheese. Therefore, if 
the moon is made of green cheese, then 2+ 2 = 4. 


2+2=4. Therefore, if the moon is made of green 
cheese, then 2 + 2 = 4. 


Yet, if “if ...then ...” were just —, the sentence would be un- 
problematically true, and the inferences unproblematically valid. 

Another example of concerns the tautology (A—B)Vv(B—A). 
This would suggest that if you take two indicative sentences S and 
T from the newspaper at random, the sentence “If S' then 7, or 
if T then S” should be true. 


10.3 The Strict Conditional 


Lewis introduced the strict conditional -3 and argued that it, not 
the material conditional, corresponds to implication. In alethic 
modal logic, A -3 B can be defined as O(A — B). A strict con- 
ditional is thus true (at a world) iff the corresponding material 
conditional is necessary. 

How does the strict conditional fare vis-a-vis the paradoxes 
of the material conditional? A strict conditional with a false an- 
tecedent and one with a true consequent, may be true, or it may 
be false. Moreover, (A 3 B) V (B 3 A) is not valid. The strict 
conditional A -3 B is also not equivalent to =A V B, so it is not 
truth functional. 


We have: 
A3Be7AAVB but: (10.14) 
AAVBEA 3B (10.15) 
BEA 3B (10.16) 
AA¥A3B (10.17) 
=(A—> B) ¥ AA -=B but: (10.18) 


AA 7ABrE-7(A 3B) (10.19) 
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However, the strict conditional still supports modus ponens: 
A,A3BEB (10.20) 
The strict conditional agglomerates: 
A3B,A32CEA3(BAC) (10.21) 
Antecedent strengthening holds for the strict conditional: 
A3BrE(AAC) 3B (10.22) 
The strict conditional is also transitive: 
Az3B,B3CFEA3C (10.23) 
Finally, the strict conditional is equivalent to its contrapositive: 


Az3Btr=AB3-A (10.24) 
AB 37AAFA3B (10.25) 


However, the strict conditional still has its own “paradoxes.” 
Just as a material conditional with a false antecedent or a true 
consequent is true, a strict conditional with a necessarily false an- 
tecedent or a necessarily true consequent is true. Moreover, any 
true strict conditional is necessarily true, and any false strict con- 
ditional is necessarily false. In other words, we have 


OAAFA3B (10.26) 
OBFA3B (10.27) 
A3z3BrO(A 3B) (10.28) 
A(A 3 B) FO7(A 3 B) (10.29) 


These are not problems if you think of = as “implies.” Logical 
entailment relationships are, after all, mathematical facts and so 
can’t be contingent. But they do raise issues if you want to use 
3 as a logical connective that is supposed to capture “if ...then 
...,” especially the last two. For surely there are “if ...then ...” 
statements that are contingently true or contingently false—in 
fact, they generally are neither necessary nor impossible. 
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10.4 Counterfactuals 


A very common and important form of “if ...then ...” construc- 
tions in English are built using the past subjunctive form of to 
be: “if it were the case that ...then it would be the case that ...” 
Because usually the antecedent of such a conditional is false, i-e., 
counter to fact, they are called counterfactual conditionals (and 
because they use the subjunctive form of to be, also subjunctive 
conditionals. They are distinguished from indicative conditionals 
which take the form of “if it is the case that ...then it is the 
case that ...” Counterfactual and indicative conditionals differ 
in truth conditions. Consider Adams’s famous example: 


If Oswald didn’t kill Kennedy, someone else did. 


If Oswald hadn’t killed Kennedy, someone else would 
have. 


The first is indicative, the second counterfactual. The first is 
clearly true: we know President John F. Kennedy was killed by 
someone, and if that someone wasn’t (contrary to the Warren Re- 
port) Lee Harvey Oswald, then someone else killed Kennedy. 
The second one says something different. It claims that if Os- 
wald hadn’t killed Kennedy, i.e., if the Dallas shooting had been 
avoided or had been unsuccessful, history would have subse- 
quently unfolded in such a way that another assassination would 
have been successful. In order for it to be true, it would have to 
be the case that powerful forces had conspired to ensure JFK’s 
death (as many JFK conspiracy theorists believe). 

It is a live debate whether the indicative conditional is cor- 
rectly captured by the material conditional, in particular, whether 
the paradoxes of the material conditional can be “explained” in 
a way that is compatible with it giving the truth conditions for 
English indicative conditionals. By contrast, it is uncontrover- 
sial that counterfactual conditionals cannot be symbolized cor- 
rectly by the material conditionals. That is clear because, even 
though generally the antecedents of counterfactuals are false, not 
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all counterfactuals with false antecedents are true—for instance, 
if you believe the Warren Report, and there was no conspiracy 
to assassinate JFK, then Adams’s counterfactual conditional is an 
example. 

Counterfactual conditionals play an important role in causal 
reasoning: a prime example of the use of counterfactuals is to ex- 
press causal relationships. E.g., striking a match causes it to light, 
and you can express this by saying “if this match were struck, 
it would light.” Material, and generally indicative conditionals, 
cannot be used to express this: “the match is struck — the match 
lights” is true if the match is never struck, regardless of what 
would happen if it were. Even worse, “the match is struck — the 
match turns into a bouquet of flowers” is also true if it is never 
struck, but the match would certainly not turn into a bouquet of 
flowers if it were struck. 

It is still debated What exactly the correct logic of counter- 
factuals is. An influential analysis of counterfactuals was given 
by Stalnaker and Lewis. According to them, a counterfactual “if 
it were the case that S' then it would be the case that 7” is true iff 
T is true in the counterfactual situation (“possible world”) that 
is closest to the way the actual world is and where S is true. This 
is called an “ontic” analysis, since it makes reference to an ontol- 
ogy of possible worlds. Other analyses make use of conditional 
probabilities or theories of belief revision. There is a proliferation 
of different proposed logics of counterfactuals. There isn’t even 
a single Lewis-Stalnaker logic of counterfactuals: even though 
Stalnaker and Lewis proposed accounts along similar lines with 
reference to closest possible worlds, the assumptions they made 
result in different valid inferences. 


Problems 


Problem 10.1. Give S5-counterexamples to the entailment rela- 
tions which do not hold for the strict conditional, i.e., for: 


1. “p¥O(p— q) 
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2. qg#U(p—q) 
3. 7O(p > q) ¥ pA-g 
4. EO(poq) VO(q-p) 


Problem 10.2. Show that the valid entailment relations hold for 
the strict conditional by giving S5-proofs of: 


1. O/A—> B)EAAVB 

2. AAABe 7A0(A > B) 

3. A,o(A—> B)EB 

4. O(A > B),O(A > C) FO(A> (BAC)) 


(A> B)r O((AAC) 2B) 


nn 
oO 


6. O(A—> B),o(B > C)Fo(A->C) 


7. O(/A—> B)& O(-AB > =A) 


8. O(-B > 7A) F O(A > B) 
Problem 10.3. Give proofs in S5 of: 

1. OnBEA3B 

2. A3BeEO(A 3B) 

3. aA(A 3 B) FOA(A 3 B) 


Use the definition of -3 to do so. 


CHAPTER 11 
Minimal 
Change 


Semantics 


11.1 Introduction 


Stalnaker and Lewis proposed accounts of counterfactual condi- 
tionals such as “If the match were struck, it would light.” Their 
accounts were proposals for how to properly understand the truth 
conditions for such sentences. The idea behind both proposals is 
this: to evaluate whether a counterfactual conditional is true, we 
have to consider those possible worlds which are minimally dif- 
ferent from the way the world actually is to make the antecedent 
true. If the consequent is true in these possible worlds, then the 
counterfactual is true. For instance, suppose I hold a match and 
a matchbook in my hand. In the actual world I only look at them 
and ponder what would happen if I were to strike the match. The 
minimal change from the actual world where I strike the match 
is that where I decide to act and strike the match. It is minimal 
in that nothing else changes: I don’t also jump in the air, striking 
the match doesn’t also light my hair on fire, I don’t suddenly lose 
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all strength in my fingers, I am not simultaneously doused with 
water in a SuperSoaker ambush, etc. In that alternative possibil- 
ity, the match lights. Hence, it’s true that if I were to strike the 
match, it would light. 

This intuitive account can be paired with formal semantics 
for logics of counterfactuals. Lewis introduced the symbol “>” 
for the counterfactual while Stalnaker used the symbol “>”. We'll 
use (>, and add it as a binary connective to propositional logic. 
So, we have, in addition to formulas of the form A — B also 
formulas of the form AO B. The formal semantics, like the 
relational semantics for modal logic, is based on models in which 
formulas are evaluated at worlds, and the satisfaction condition 
defining M,w t+ AO» B is given in terms of M,w’ + A and 
M,w’ t+ B for some (other) worlds w’. Which w’? Intuitively, 
the one(s) closest to w for which it holds that M,w’ t A. This 
requires that a relation of “closeness” has to be included in the 
model as well. 

Lewis introduced an instructive way of representing counter- 
factual situations graphically. Each possible world is at the center 
of a set of nested spheres containing other worlds—we draw these 
spheres as concentric circles. The worlds between two spheres are 
equally close to the world at the center as each other, those con- 
tained in a nested sphere are closer, and those in a surrounding 
sphere further away. 


The closest A-worlds are those worlds w’ where A is satisfied 
which lie in the smallest sphere around the center world w (the 
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gray area). Intuitively, A O> B is satisfied at w if B is true at all 
closest A-worlds. 


11.2 Sphere Models 


One way of providing a formal semantics for counterfactuals is 
to turn Lewis’s informal account into a mathematical structure. 
The spheres around a world w then are sets of worlds. Since the 
spheres are nested, the sets of worlds around w have to be linearly 
ordered by the subset relation. 


Definition 11.1. A sphere model is a triple M = (W,0,V) where 
W is a non-empty set of worlds, V: Aty — g(W) is a valua- 
tion, and 0: W —> 9(9—(W)) assigns to each world w a system of 
spheres Ow. For each w, Ow is a set of sets of worlds, and must 
satisfy: 


1. Ow is centered on w: {w} € Oy. 


2. Ow is nested: whenever S1, So € Ow, Sy C Sg or So C Sj, ie., 
Ow is linearly ordered by C. 


3. Ow is closed under non-empty unions. 


4. Ow is closed under non-empty intersections. 


The intuition behind O, is that the worlds “around” w are 
stratified according to how far away they are from w. The inner- 
most sphere is just w by itself, i.e., the set {w}: w is closer to w 
than the worlds in any other sphere. If S ¢ S’, then the worlds in 
S’ \ S are further way from w than the worlds in S: S’ \ § is the 
“layer” between the S and the worlds outside of $’. In particular, 
we have to think of the spheres as containing all the worlds within 
their outer surface; they are not just the individual layers. 

The diagram in Figure 11.1 corresponds to the sphere model 
with W = {w,wyj,...,w7}, V(p) = {ws5,we,w7}. The innermost 
sphere S$; = {w}. The closest worlds to w are w ),w2,w3, so the 
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Figure 11.1: Diagram of a sphere model 


next larger sphere is Sy = {w,w ,w,w3}. The worlds further out 
are W4, Ws, We, SO the outermost sphere is $3 = {w,wyj,..., we}. 
The system of spheres around w is Ow = {51,59,53}. The 
world w7 is not in any sphere around w. The closest worlds in 
which p is true are ws and we, and so the smallest p-admitting 
sphere is §3. 

To define satisfaction of a formula A at world w in a sphere 
model M, M,w t A, we expand the definition for modal formulas 
to include a clause for B D> C: 


Definition 11.2. M,w | BO C iff either 
1. For all wu € LJ Ow, M,u # B, or 
2. For some S$ € Ow, 
a) M,u t B for some u € S, and 


b) for all v € S, either M,v X B or M,v + C. 


According to this definition, M,w + BO C iff either the 
antecedent B is false everywhere in the spheres around w, or 
there is a sphere S where B is true, and the material conditional 
B — C is true at all worlds in that “B-admitting” sphere. Note 
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Figure 11.2: Non-vacuously true counterfactual 


that we didn’t require in the definition that S is the innermost B- 
admitting sphere, contrary to what one might expect from the 
intuitive explanation. But if the condition in (2) is satisfied for 
some sphere S’, then it is also satisfied for all spheres S contains, 
and hence in particular for the innermost sphere. 

Note also that the definition of sphere models does not re- 
quire that there is an innermost B-admitting sphere: we may 
have an infinite sequence S$; 2 Sy 2 --: 2 {w} of B-admitting 
spheres, and hence no innermost B-admitting spheres. In that 
case, M,w t+ BO> C iff B — C holds throughout the spheres Sj, 
Sis1, ..., for some 7. 


11.3 Truth and Falsity of Counterfactuals 


A counterfactual A O> B is (non-vacuously) true if the closest 
A-worlds are all B-worlds, as depicted in Figure 11.2. A counter- 
factual is also true at w if the system of spheres around w has no 
A-admitting spheres at all. In that case it is vacuously true (see 
Figure 11.3). 

It can be false in two ways. One way is if the closest A-worlds 
are not all B-worlds, but some of them are. In this case, A> =B 
is also false (see Figure 11.4). If the closest A-worlds do not 
overlap with the B-worlds at all, then A > B. But, in this case 
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Figure 11.3: Vacuously true counterfactual 


Figure 11.4: False counterfactual, false opposite 


all the closest A-worlds are —~B-worlds, and so A > —B is true 
(see Figure 11.5). 

In contrast to the strict conditional, counterfactuals may be 
contingent. Consider the sphere model in Figure 11.6. The A- 
worlds closest to u are all B-worlds, soM,u i A> B. But there 
are A-worlds closest to v which are not B-worlds, soM,v * ADB. 


11.4 Antecedent Strengthenng 


“Strengthening the antecedent” refers to the inference A > C F 
(A A B) > C. It is valid for the material conditional, but invalid 
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Figure 17.5: False counterfactual, true opposite 


Figure 11.6: Contingent counterfactual 


for counterfactuals. Suppose it is true that if I were to strike this 
match, it would light. (That means, there is nothing wrong with 
the match or the matchbook surface, I will not break the match, 
etc.) But it is not true that if I were to light this match in outer 
space, it would light. So the following inference is invalid: 


I the match were struck, it would light. 


Therefore, if the match were struck in outer space, it 
would light. 


The Lewis-Stalnaker account of conditionals explains this: 
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Figure 11.7: Counterexample to antecedent strengthening 


the closest world where I light the match and I do so in outer 
space is much further removed from the actual world than the 
closest world where I light the match is. So although it’s true that 
the match lights in the latter, it is not in the former. And that is 
as it should be. 


Example 11.3. The sphere semantics invalidates the infer- 
ence, ie, we have p O> r £- (p Aq) Gr. Consider 
the model M = (W,0,V) where W = {w,wyj,wo}, Ow = 
{{w}, {w, wi}, {w,wi,wo}}, V(p) = {wi,wo}, V(g) = {wo}, and 
V(r) = {wi}. There is a p-admitting sphere S$ = {w,w } and 
p—r7 is true at all worlds in it, so M,w + pO r. There is also a 
(pA q)-admitting sphere S’ = {w,w ),w2} but M,ws F (pAq)—>7, 
so M,w #¥ (p Aq) Dr (see Figure 11.7). 


11.5 ‘Transitivity 


For the material conditional, the chain rule holds: A—~ B,B->C F 
A — C. In other words, the material conditional is transitive. Is 
the same true for counterfactuals? Consider the following exam- 
ple due to Stalnaker. 
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If J. Edgar Hoover had been born a Russian, he would 
have been a Communist. 


If J. Edgar Hoover were a Communist, he would have 
been be a traitor. 


Therefore, If J. Edgar Hoover had been born a Rus- 
sian, he would have been be a traitor. 


If Hoover had been born (at the same time he actually did), not 
in the United States, but in Russia, he would have grown up in 
the Soviet Union and become a Communist (let’s assume). So 
the first premise is true. Likewise, the second premise, consid- 
ered in isolation is true. The conclusion, however, is false: in all 
likelihood, Hoover would have been a fervent Communist if he 
had been born in the USSR, and not been a traitor (to his coun- 
try). The intuitive assignment of truth values is borne out by the 
Stalnaker-Lewis account. The closest possible world to ours with 
the only change being Hoover’s place of birth is the one where 
Hoover grows up to be a good citizen of the USSR. This is the 
closest possible world where the antecedent of the first premise 
and of the conclusion is true, and in that world Hoover is a loyal 
member of the Communist party, and so not a traitor. To eval- 
uate the second premise, we have to look at a different world, 
however: the closest world where Hoover is a Communist, which 
is one where he was born in the United States, turned, and thus 
became a traitor.' 


Example 11.4. The sphere semantics invalidates the infer 
ence, ie., we have pO> ¢g,g Qe r - pO» 1. Consider 
the model M = (W,0,V) where W = {w,wj,wo}, Ow = 
{{w}, {w, wi}, {w,wi,wo}}, V(p) = {wo}, V(g) = {wi,wo}, and 
V(r) = {wi}. There is a p-admitting sphere S = {w,w1,wo} and 
p— ¢ is true at all worlds in it, so M,w It p > q. There is also 


+Of course, to appreciate the force of the example we have to take on 
board some metaphysical and political assumptions, e.g., that it is possible 
that Hoover could have been born to Russian parents, or that Communists in 
the US of the 1950s were traitors to their country. 
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a g-admitting sphere S’ = {w,w } and M # g — 7 is true at all 
worlds in it, so M,w It g > r. However, the p-admitting sphere 
{w,w ,w2} contains a world, namely wa, where M,wy KF p > r. 


11.6 Contraposition 


Material and strict conditionals are equivalent to their contra- 
positives. Counterfactuals are not. Here is an example due to 
Kratzer: 


If Goethe hadn’t died in 1832, he would (still) be dead 


now. 


If Goethe weren’t dead now, he would have died in 
1832. 


The first sentence is true: humans don’t live hundreds of years. 
The second is clearly false: if Goethe weren’t dead now, he would 
be still alive, and so couldn’t have died in 1832. 


Example 11.5. The sphere semantics invalidates contraposi- 
tion, i.e., we have p O> g # =qg > 7p. Think of p as “Goethe 
didn’t die in 1832” and g as “Goethe is dead now.” We can cap- 
ture this in a model M; = (W,0,V) with W = {w,w1,wo}, O = 
{{w}, {w, wi}, {w,w1,wo}}, V(p) = {wi, we} and V(q) = {w, wi}. 
So w is the actual world where Goethe died in 1832 and is still 
dead; w is the (close) world where Goethe died in, say, 1833, 
and is still dead; and wy is a (remote) world where Goethe is still 
alive. There is a p-admitting sphere S = {w,w1} and p—q is true 
at all worlds in it, so M,w  p > qg. However, the -q-admitting 
sphere {w,w ,w2} contains a world, namely wo, where q is false 
and p is true, so M,ws * -q — =p. 


Problems 


Problem 11.1. Find a convincing, intuitive example for the fail- 
ure of transitivity of counterfactuals. 
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Figure 11.8: Counterexample to contraposition 


Problem 11.2. Draw the sphere diagram corresponding to the 
counterexample in Example 11.4. 


Problem 11.3. In Example 11.4, world wa is where Hoover is 
born in Russia, is a communist, and not a traitor, and wy, is the 
world where Hoover is born in the US, is a communist, and a 
traitor. In this model, w is closer to w than wg is. Is this neces- 
sary? Can you give a counterexample that does not assume that 
Hoover’s being born in Russia is a more remote possibility than 
him being a Communist? 


PART IV 


Appendices 


APPENDIX A 


Sets 


A.1 Extensionality 


A set is a collection of objects, considered as a single object. The 
objects making up the set are called elements or members of the 
set. If x is an element of a set a, we write x € a; if not, we write 
x ¢ a. The set which has no elements is called the empty set and 
denoted “0”. 

It does not matter how we specify the set, or how we order 
its elements, or indeed how many times we count its elements. 
All that matters are what its elements are. We codify this in the 
following principle. 


Definition A.1 (Extensionality). If A and B are sets, then A = 
B iff every element of A is also an element of B, and vice versa. 


Extensionality licenses some notation. In general, when we 
have some objects aj, ..., @,, then {a,...,a,} is the set whose 
elements are @1,...,a@,. We emphasise the word “the”, since ex- 
tensionality tells us that there can be only one such set. Indeed, 
extensionality also licenses the following: 


{a,a,b} = {a,b} = {b, a}. 
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This delivers on the point that, when we consider sets, we don’t 
care about the order of their elements, or how many times they 
are specified. 


Example A.2. Whenever you have a bunch of objects, you can 
collect them together in a set. The set of Richard’s siblings, for 
instance, is a set that contains one person, and we could write it as 
S = {Ruth}. The set of positive integers less than 4 is {1,2,3}, but 
it can also be written as {3,2,1} or even as {1,2,1,2,3}. These are 
all the same set, by extensionality. For every element of {1,2,3} 
is also an element of {3,2,1} (and of {1,2,1,2,3}), and vice versa. 


Frequently we’ll specify a set by some property that its ele- 
ments share. We'll use the following shorthand notation for that: 
{x : p(x)}, where the v(x) stands for the property that x has to 
have in order to be counted among the elements of the set. 


Example A.3. In our example, we could have specified S also 
as 


S = {x:x is a sibling of Richard}. 


Example A.4. A number is called perfect iff it is equal to the 
sum of its proper divisors (i.e., numbers that evenly divide it but 
aren’t identical to the number). For instance, 6 is perfect because 
its proper divisors are 1, 2, and 3, and 6 = 1+2+3. In fact, 6 
is the only positive integer less than 10 that is perfect. So, using 
extensionality, we can say: 


{6} = {x : x is perfect and 0 < x < 10} 


We read the notation on the right as “the set of x’s such that x 
is perfect and 0 < x < 10”. The identity here confirms that, 
when we consider sets, we don’t care about how they are spec- 
ified. And, more generally, extensionality guarantees that there 
is always only one set of x’s such that y(x). So, extensionality 
justifies calling {x : y(x)} the set of x’s such that y(x). 
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Extensionality gives us a way for showing that sets are iden- 
tical: to show that A = B, show that whenever x € A then also 
x € B, and whenever y € B then also y € A. 


A.2 Subsets and Power Sets 


We will often want to compare sets. And one obvious kind of 
comparison one might make is as follows: everything in one set is 
in the other too. This situation is sufficiently important for us to 
introduce some new notation. 


Definition A.5 (Subset). If every element of a set A is also 
an element of B, then we say that A is a subset of B, and write 
AC B. If Ais not a subset of B we write A ¢ B. If A C B but 
A # B, we write A ¢ B and say that A is a proper subset of B. 


Example A.6. Every set is a subset of itself, and 0 is a subset of 
every set. The set of even numbers is a subset of the set of natural 
numbers. Also, {a,b} € {a,b,c}. But {a,b,e} is not a subset of 
{a,b,c}. 


Example A.7. The number 2 is an element of the set of integers, 
whereas the set of even numbers is a subset of the set of integers. 
However, a set may happen to both be an element and a subset 
of some other set, e.g., {O} € {0,{0}} and also {0} € {0, {O}}. 


Extensionality gives a criterion of identity for sets: A = B 
iff every element of A is also an element of B and vice versa. 
The definition of “subset” defines A C B precisely as the first 
half of this criterion: every element of A is also an element of B. 
Of course the definition also applies if we switch A and B: that 
is, B C A iff every element of B is also an element of A. And 
that, in turn, is exactly the “vice versa” part of extensionality. In 
other words, extensionality entails that sets are equal iff they are 
subsets of one another. 
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Proposition A.8. A= B iff both AC Band BC A. 


Now is also a good opportunity to introduce some further 
bits of helpful notation. In defining when A is a subset of B 
we said that “every element of A is ...,” and filled the “...” with 
“an element of B”. But this is such a common shape of expression 
that it will be helpful to introduce some formal notation for it. 


Definition A.g. (Vx € A)y abbreviates Vx(x € Ay). Similarly, 
(Ax € A)y abbreviates 4x(x € AA y). 


Using this notation, we can say that A C B iff (Vx € A)x € B. 
Now we move on to considering a certain kind of set: the set 
of all subsets of a given set. 


Definition A.10 (Power Set). The set consisting of all subsets 
of a set A is called the power set of A, written g(A). 


e(A) ={B: BCA} 


Example A.11. What are all the possible subsets of {a,b,c}? 
They are: 0, {a}, {b}, {c}, {a,b}, {a,c}, {b,c}, {a,b,c}. The set 
of all these subsets is 9({a,5,c}): 


p({a,,c}) = {0, {a}, {b}, tc}, {a,b}, {b,c}, {a,c}, {a,b ch} 


A.3 Some Important Sets 


Example A.12. We will mostly be dealing with sets whose el- 
ements are mathematical objects. Four such sets are important 
enough to have specific names: 


N = {0,1,2,3,...} 
the set of natural numbers 
Z= {...,-2,-1,0,1,2,...} 
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the set of integers 
Q={m/n: m,n e€ Zand n # 0} 
the set of rationals 
R = (—00, 00) 


the set of real numbers (the continuum) 


These are all infinite sets, that is, they each have infinitely many 
elements. 

As we move through these sets, we are adding more numbers 
to our stock. Indeed, it should be clear that NC ZC QCR: 
after all, every natural number is an integer; every integer is a 
rational; and every rational is a real. Equally, it should be clear 
that NC Z¢ Q, since —1 is an integer but not a natural number, 
and 1/2 is rational but not integer. It is less obvious that Q ¢ R, 
i.e., that there are some real numbers which are not rational. 

We'll sometimes also use the set of positive integers Z* = 
{1,2,3,...} and the set containing just the first two natural num- 
bers B = {0,1}. 


Example A.13 (Strings). Another interesting example is the 
set A* of finite strings over an alphabet A: any finite sequence 
of elements of A is a string over A. We include the empty string A 
among the strings over A, for every alphabet A. For instance, 


B* = {A,0,1,00,01,10, 11, 
000,001,010, 011, 100,101,110, 111,0000,.. .}. 


If x = x1...x, € A*is a string consisting of n “letters” from A, 
then we say length of the string is n and write len(x) = n. 


Example A.14 (Infinite sequences). For any set A we may 
also consider the set A® of infinite sequences of elements of A. 
An infinite sequence a,a2a3a4... consists of a one-way infinite 
list of objects, each one of which is an element of A. 
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Figure A.1: The union A U B of two sets is set of elements of A together with 
those of B. 


A.4 Unions and Intersections 


In appendix A.1, we introduced definitions of sets by abstraction, 
ie., definitions of the form {x : y(x)}. Here, we invoke some 
property y, and this property can mention sets we’ve already 
defined. So for instance, if A and B are sets, the set {x : x € 
AvVx € B} consists of all those objects which are elements of either 
A or B, i.e., it’s the set that combines the elements of A and B. 
We can visualize this as in Figure A.1, where the highlighted area 
indicates the elements of the two sets A and B together. 

This operation on sets—combining them—is very useful and 
common, and so we give it a formal name and a symbol. 


Definition A.15 (Union). The wnion of two sets A and B, writ- 
ten A U B, is the set of all things which are elements of A, B, or 
both. 

AUB={x:xE€AVxeEB} 


Example A.16. Since the multiplicity of elements doesn’t mat- 
ter, the union of two sets which have an element in common con- 
tains that element only once, e.g., {a,b,c}U{a,0,1} = {a,b,c,0,1}. 

The union of a set and one of its subsets is just the bigger set: 


{a,b,c} U {a} = {a,b,c}. 
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Figure A.2: The intersection AN B of two sets is the set of elements they have 
in common. 


The union of a set with the empty set is identical to the set: 
{a,b,c} UO = {a,b,c}. 


We can also consider a “dual” operation to union. This is the 
operation that forms the set of all elements that are elements of A 
and are also elements of B. This operation is called intersection, 
and can be depicted as in Figure A.2. 


Definition A.17 (Intersection). The intersection of two sets A 
and B, written A/ B, is the set of all things which are elements 
of both A and B. 


ANB={x:xE€AAx eB} 


Two sets are called disjoint if their intersection is empty. This 
means they have no elements in common. 


Example A.18. If two sets have no elements in common, their 
intersection is empty: {a,b,c} {0,1} = 0. 

If two sets do have elements in common, their intersection is 
the set of all those: {a,b,c} {a,b,d} = {a,b}. 

The intersection of a set with one of its subsets is just the 
smaller set: {a,b,c} M {a,b} = {a,b}. 
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The intersection of any set with the empty set is empty: 
{a,b,c} NOD=9. 


We can also form the union or intersection of more than two 
sets. An elegant way of dealing with this in general is the follow- 
ing: suppose you collect all the sets you want to form the union 
(or intersection) of into a single set. Then we can define the union 
of all our original sets as the set of all objects which belong to at 
least one element of the set, and the intersection as the set of all 
objects which belong to every element of the set. 


Definition A.19. If A is a set of sets, then JA is the set of 
elements of elements of A: 


LU A= {x : x belongs to an element of A}, i-e., 
= {x : there is a B € A so that x € B} 


Definition A.20. If A is a set of sets, then ()A is the set of 
objects which all elements of A have in common: 


() A= {x :x belongs to every element of A}, i-e., 
= {x : for all B € A,x € B} 


Example A.21. Suppose A = {{a,b},{a,d,e},{a,d}}. Then 
(JA = {a,b,d,e} and (\ A= {a}. 


We could also do the same for a sequence of sets Aj, Ao, ... 


U A; = {x : x belongs to one of the A;} 


() A; = {x : x belongs to every A;}. 


When we have an index of sets, i.e., some set J such that 
we are considering A; for each i € J, we may also use these 
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Figure A.3: The difference A \ B of two sets is the set of those elements of A 
which are not also elements of B. 


abbreviations: 


J4r=| Jia ied 


iel 
(4 = (ta: i0 eI} 
iel 
Finally, we may want to think about the set of all elements 
in A which are not in B. We can depict this as in Figure A.3. 


Definition A.22 (Difference). The set difference A \ B is the set 
of all elements of A which are not also elements of B, i.e., 


A\ B={x:x¢€Aand x ¢ B}. 


A.5 Pairs, Tuples, Cartesian Products 


It follows from extensionality that sets have no order to their 
elements. So if we want to represent order, we use ordered pairs 
(x,y). In an unordered pair {x,y}, the order does not matter: 
{x,y} = {y,x}. In an ordered pair, it does: if x # y, then (x,y) # 
(x). 

How should we think about ordered pairs in set theory? Cru- 
cially, we want to preserve the idea that ordered pairs are iden- 
tical iff they share the same first element and share the same 
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second element, i.e.: 
(a,b) = (c,d) iff both a =c¢ and b = d. 


We can define ordered pairs in set theory using the Wiener- 
Kuratowski definition. 


Definition A.23 (Ordered pair). (a,b) = {{a}, {a,b}}. 


Having fixed a definition of an ordered pair, we can use it 
to define further sets. For example, sometimes we also want or- 
dered sequences of more than two objects, e.g., triples (x,y,z), 
quadruples (x,y,z,u), and so on. We can think of triples as spe- 
cial ordered pairs, where the first element is itself an ordered pair: 
(x,y,z) is ((x,y),z). The same is true for quadruples: (x,y,z,u) 
is (((x,y),z),u), and so on. In general, we talk of ordered n-tuples 
(X1,. .. Xn). 

Certain sets of ordered pairs, or other ordered n-tuples, will 
be useful. 


Definition A.24 (Cartesian product). Given sets A and B, 
their Cartesian product A x B is defined by 


Ax B= {(x,y):x¢€Aand ye B}. 


Example A.25. If A = {0,1}, and B = {1,a,5}, then their prod- 
uct is 


Ax B = {(0,1),(0,a),(0,b), (1,1), (1,a), (1,5)}. 


Example A.26. If A is a set, the product of A with itself, A x A, 
is also written A. It is the set of all pairs (x,y) with x,y € A. The 
set of all triples (x,y,z) is A®, and so on. We can give a recursive 
definition: 
A'=A 
yale ae | 
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Proposition A.27. Jf A has n elements and B has m elements, then 
Ax B has n-m elements. 


Proof. For every element x in A, there are m elements of the form 
(x,y) € AX B. Let B, = {(x,y) : y € B}. Since whenever x1 # xo, 
(x1,9) # (*2,9), By, OB, = ©. But if A = {x1,...,%,}, then 
AX B= B,, U---UB,,, and so has n- m elements. 

To visualize this, arrange the elements of A x B in a grid: 


By = {(4i91) isa) vss Cm) } 
By, a {(x2,.)1) (x9,92) cee (x2,)m) 
Bee: (gi) Ge) non CGD) 


Since the x; are all different, and the y, are all different, no two of 
the pairs in this grid are the same, and there are n- m of them.O 


Example A.28. If A is a set, a word over A is any sequence of 
elements of A. A sequence can be thought of as an n-tuple of ele- 
ments of A. For instance, if A = {a,b,c}, then the sequence “bac” 
can be thought of as the triple (b,a,c). Words, i.e., sequences of 
symbols, are of crucial importance in computer science. By con- 
vention, we count elements of A as sequences of length 1, and 0 
as the sequence of length 0. The set of all words over A then is 


At ={O}UAUAUA VU... 


A.6 Russell’s Paradox 


Extensionality licenses the notation {x : y(x)}, for the set of x’s 
such that v(x). However, all that extensionality really licenses is 
the following thought. Jf there is a set whose members are all 
and only the y’s, then there is only one such set. Otherwise put: 
having fixed some 4, the set {x : y(x)} is unique, ifit exists. 

But this conditional is important! Crucially, not every prop- 
erty lends itself to comprehension. That is, some properties do not 
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define sets. If they all did, then we would run into outright contra- 
dictions. The most famous example of this is Russell’s Paradox. 

Sets may be elements of other sets—for instance, the power 
set of a set A is made up of sets. And so it makes sense to ask or 
investigate whether a set is an element of another set. Can a set 
be a member of itself? Nothing about the idea of a set seems to 
rule this out. For instance, if all sets form a collection of objects, 
one might think that they can be collected into a single set-—the 
set of all sets. And it, being a set, would be an element of the set 
of all sets. 

Russell’s Paradox arises when we consider the property of not 
having itself as an element, of being non-self-membered. What if we 
suppose that there is a set of all sets that do not have themselves 
as an element? Does 


R={x:x¢€x} 
exist? It turns out that we can prove that it does not. 


Theorem A.29 (Russell’s Paradox). There isnosetR = {x:x¢ 


x}. 
Proof. If R = {x : x ¢ x} exists, then R € R iff R ¢ R, which is a 
contradiction. oO 


Let’s run through this proof more slowly. If R exists, it makes 
sense to ask whether R € R# or not. Suppose that indeed R € R. 
Now, R was defined as the set of all sets that are not elements of 
themselves. So, if R €¢ R, then R does not itself have R’s defining 
property. But only sets that have this property are in R, hence, R 
cannot be an element of R, i.e., R ¢ R. But R can’t both be and 
not be an element of R, so we have a contradiction. 

Since the assumption that R € R leads to a contradiction, we 
have R ¢ R. But this also leads to a contradiction! For if R ¢ R, 
then R itself does have R’s defining property, and so R would be 
an element of R just like all the other non-self-membered sets. 
And again, it can’t both not be and be an element of R. 
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How do we set up a set theory which avoids falling into Rus- 
sell’s Paradox, i.e., which avoids making the inconsistent claim that 
R= {x :x ¢ x} exists? Well, we would need to lay down axioms 
which give us very precise conditions for stating when sets exist 
(and when they don’t). 

The set theory sketched in this chapter doesn’t do this. It’s 
genuinely naive. It tells you only that sets obey extensionality and 
that, if you have some sets, you can form their union, intersection, 
etc. It is possible to develop set theory more rigorously than 
this. 


Problems 


Problem A.1. Prove that there is at most one empty set, i.e., 
show that if A and B are sets without elements, then A = B. 


Problem A.2. List all subsets of {a,b,c,d}. 


Problem A.3. Show that if A has n elements, then ¢(A) has 2” 
elements. 


Problem A.4. Prove that if A C B, then AUB=B. 

Problem A.5. Prove rigorously that if A C B, then AN B= A. 
Problem A.6. Show that if A is a set and A € B, then AC UB. 
Problem A.7. Prove that if A ¢ B, then B\ A# 9. 


Problem A.8. Using Definition A.23, prove that (a,b) = (c,d) 
iff both a=c and b=d. 


Problem A.9. List all elements of {1,2,3}8. 


Problem A.10. Show, by induction on f, that for all k > 1, if A 
has n elements, then A‘ has n* elements. 
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Relations 


B.1 Relations as Sets 


In appendix A.3, we mentioned some important sets: N, Z, Q, R. 
You will no doubt remember some interesting relations between 
the elements of some of these sets. For instance, each of these sets 
has a completely standard order relation on it. There is also the 
relation is identical with that every object bears to itself and to no 
other thing. There are many more interesting relations that we'll 
encounter, and even more possible relations. Before we review 
them, though, we will start by pointing out that we can look at 
relations as a special sort of set. 

For this, recall two things from appendix A.5. First, recall 
the notion of a ordered pair: given a and b, we can form (a,b). 
Importantly, the order of elements does matter here. So if a # b 
then (a,b) # (b,a). (Contrast this with unordered pairs, i.e., 2- 
element sets, where {a,b} = {b,a}.) Second, recall the notion of 
a Cartesian product: if A and B are sets, then we can form A x B, 
the set of all pairs (x,y) with x ¢ A and y ¢€ B. In particular, 
A? = Ax Ais the set of all ordered pairs from A. 

Now we will consider a particular relation on a set: the <- 
relation on the set N of natural numbers. Consider the set of all 
pairs of numbers (n,m) where n < m, i.e., 


R= {(n,m): n,m €N and n < m}. 
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There is a close connection between n being less than m, and the 
pair (n,m) being a member of R, namely: 


n < m iff (n,m) € R. 


Indeed, without any loss of information, we can consider the set 
R to be the <-relation on N. 

In the same way we can construct a subset of N? for any rela- 
tion between numbers. Conversely, given any set of pairs of num- 
bers S C N?, there is a corresponding relation between numbers, 
namely, the relationship n bears to m if and only if (n,m) € S. 
This justifies the following definition: 


Definition B.1 (Binary relation). A binary relation on a set A 
is a subset of A?. If R C A? isa binary relation on A and x,y € A, 
we sometimes write Rxy (or xRy) for (x,y) € R. 


Example B.2. The set N? of pairs of natural numbers can be 
listed in a 2-dimensional matrix like this: 


(0,0) (0,1) (0,2) (0,3) 
(1,0): <0) 41,2) 1,3) 
(2,0) @,1) (2,2) <2,2) 
(3,0) (3,1) (3,2) (3,3) 


We have put the diagonal, here, in bold, since the subset of N? 
consisting of the pairs lying on the diagonal, i.e., 


{(0,0), (1,1), (2,2),...}, 


is the identity relation on N. (Since the identity relation is popular, 
let’s define Idy = {(x,x) : x € A} for any set A.) The subset of all 
pairs lying above the diagonal, i.e., 


L = {(0,1), (0,2),..., (1,2), (1,3),...,(2,3), (2,4),...}, 
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is the less than relation, i.e., Lnm iff n < m. The subset of pairs 
below the diagonal, i.e., 


G = {(1,0), (2,0), (2,1), (3,0), (3,1), (3,2),...}, 


is the greater than relation, i.e., Gum iff n > m. The union of L 
with J, which we might call K = L UJ, is the less than or equal to 
relation: Knm iff n < m. Similarly, H = G UT is the greater than 
or equal to relation. These relations L, G, K, and H are special 
kinds of relations called orders. L and G have the property that 
no number bears ZL or G to itself (i.e., for all x, neither Lnn nor 
Gnn). Relations with this property are called irreflexive, and, if 
they also happen to be orders, they are called strict orders. 


Although orders and identity are important and natural re- 
lations, it should be emphasized that according to our defini- 
tion any subset of A? is a relation on A, regardless of how un- 
natural or contrived it seems. In particular, @ is a relation on 
any set (the empty relation, which no pair of elements bears), 
and A? itself is a relation on A as well (one which every pair 
bears), called the universal relation. But also something like 
E={(n,m):n > 5 or m Xn > 34} counts as a relation. 


B.2 Special Properties of Relations 


Some kinds of relations turn out to be so common that they have 
been given special names. For instance, < and C both relate their 
respective domains (say, N in the case of < and (A) in the case 
of C) in similar ways. To get at exactly how these relations are 
similar, and how they differ, we categorize them according to 
some special properties that relations can have. It turns out that 
(combinations of) some of these special properties are especially 
important: orders and equivalence relations. 


APPENDIX B. RELATIONS 183 


Definition B.3 (Reflexivity). A relation R C A? is reflexive iff, 
for every x € A, Rxx. 


Definition B.4 (Transitivity). A relation R C A? is transitive 
iff, whenever Rxy and Ryz, then also Rxz. 


Definition B.5 (Symmetry). A relation R C A? is symmetric iff, 
whenever Rxy, then also Ryx. 


Definition B.6 (Anti-symmetry). A relation R ¢ A? is anti- 
symmetric iff, whenever both Rxy and Ryx, then x = y (or, in 
other words: if x # y then either ~Rxy or =Ryx). 


In a symmetric relation, Rxy and Ryx always hold together, 
or neither holds. In an anti-symmetric relation, the only way for 
Rxy and Ryx to hold together is if x = y. Note that this does not 
require that Rxy and Ryx holds when x = y, only that it isn’t ruled 
out. So an anti-symmetric relation can be reflexive, but it is not 
the case that every anti-symmetric relation is reflexive. Also note 
that being anti-symmetric and merely not being symmetric are 
different conditions. In fact, a relation can be both symmetric 
and anti-symmetric at the same time (e.g., the identity relation 
is). 


Definition B.7 (Connectivity). A relation R C A? is connected 
if for all x,y € A, if x # y, then either Rxy or Ryx. 


Definition B.8 (Irreflexivity). A relation R C A? is called ir- 
reflexive if, for all x € A, not Rxx. 
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Definition B.g (Asymmetry). A relation R C A? is called asym- 
metric if for no pair x,y € A we have both Rxy and Ryx. 


Note that if A # 0, then no irreflexive relation on A is reflex- 
ive and every asymmetric relation on A is also anti-symmetric. 
However, there are R C A? that are not reflexive and also not 
irreflexive, and there are anti-symmetric relations that are not 
asymmetric, 


B.3_ Equivalence Relations 


The identity relation on a set is reflexive, symmetric, and transi- 
tive. Relations R that have all three of these properties are very 
common. 


Definition B.10 (Equivalence relation). A relation R ¢ A? 
that is reflexive, symmetric, and transitive is called an equivalence 
relation. Elements x and y of A are said to be R-equivalent if Rxy. 


Equivalence relations give rise to the notion of an equivalence 
class. An equivalence relation “chunks up” the domain into differ- 
ent partitions. Within each partition, all the objects are related 
to one another; and no objects from different partitions relate 
to one another. Sometimes, it’s helpful just to talk about these 
partitions directly. To that end, we introduce a definition: 


Definition B.11. Let R ¢ A’ be an equivalence relation. For 
each x € A, the equivalence class of x in A is the set [x]z = {y € 
A: Rxy}. The quotient of A under R is A/r= {[x]z : x € A}, ie., 
the set of these equivalence classes. 


The next result vindicates the definition of an equivalence 
class, in proving that the equivalence classes are indeed the par- 
titions of A: 
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Proposition B.12. If R ¢ A? is an equivalence relation, then Rxy 


iff (xlr = Yr. 


Proof. For the left-to-right direction, suppose Rxy, and let z € 
[x]r. By definition, then, Rxz. Since R is an equivalence relation, 
Ryz. (Spelling this out: as Rxy and R is symmetric we have 
Ryx, and as Rxz and R is transitive we have Ryz.) So z € [y]r. 
Generalising, [x]z © [y]r. But exactly similarly, Ly]r C [x]r. So 
[x]r = Ly, by extensionality. 

For the right-to-left direction, suppose [x]r = Ly]z. Since R is 
reflexive, Ryy, so y € [y]r. Thus also y € [x] by the assumption 
that [x]r = [y]r. So Rxy. Oo 


Example B.13. A nice example of equivalence relations comes 
from modular arithmetic. For any a, b, and n € N, say that a =, b 
iff dividing a by n gives the same remainder as dividing b by n. 
(Somewhat more symbolically: a =, 5 iff, for some k € Z, a—b = 
kn.) Now, =, is an equivalence relation, for any n. And there 
are exactly n distinct equivalence classes generated by =,; that 
is, N/z, has n elements. These are: the set of numbers divisible 
by n without remainder, i.e., [O]=,; the set of numbers divisible 
by n with remainder 1, i.e., [1]=,; ...; and the set of numbers 
divisible by n with remainder n — 1, ie., [n —1]=,. 


=n 


B.4 Orders 


Many of our comparisons involve describing some objects as be- 
ing “less than”, “equal to”, or “greater than” other objects, in a 
certain respect. These involve order relations. But there are differ- 
ent kinds of order relations. For instance, some require that any 
two objects be comparable, others don’t. Some include identity 
(like <) and some exclude it (like <). It will help us to have a 


taxonomy here. 
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Definition B.14 (Preorder). A relation which is both reflexive 
and transitive is called a preorder. 


Definition B.15 (Partial order). A preorder which is also anti- 
symmetric is called a partial order. 


Definition B.16 (Linear order). A partial order which is also 
connected is called a total order or linear order. 


Example B.17. Every linear order is also a partial order, and 
every partial order is also a preorder, but the converses don’t 
hold. The universal relation on A is a preorder, since it is reflexive 
and transitive. But, if A has more than one element, the universal 
relation is not anti-symmetric, and so not a partial order. 


Example B.18. Consider the no longer than relation < on B*: x < 
y iff len(x) < len(y). This is a preorder (reflexive and transitive), 
and even connected, but not a partial order, since it is not anti- 
symmetric. For instance, 01 < 10 and 10 < 01, but 01 # 10. 


Example B.1g. An important partial order is the relation C ona 
set of sets. This is not in general a linear order, since if a # b and 
we consider ¢({a,b}) = {0, {a}, {b}, {a, b}}, we see that {a} ¢ {b} 
and {a} # {b} and {b} ¢ {a}. 


Example B.20. The relation of divisibility without remainder 
gives us a partial order which isn’t a linear order. For integers n, 
m, we write n | m to mean n (evenly) divides m, i.e., iff there is 
some integer k so that m = kn. On.N, this is a partial order, but 
not a linear order: for instance, 2 { 3 and also 3 { 2. Considered 
as a relation on Z, divisibility is only a preorder since it is not 
anti-symmetric: 1 | —-1 and -1|1 but 1 # -1. 
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Definition B.21 (Strict order). A sérict order is a relation which 
is irreflexive, asymmetric, and transitive. 


Definition B.22 (Strict linear order). A strict order which is 
also connected is called a strict total order or strict linear order. 


Example B.23. < is the linear order corresponding to the strict 
linear order <. C is the partial order corresponding to the strict 
order ¢. 


Any strict order R on A can be turned into a partial order by 
adding the diagonal Idy, i.e., adding all the pairs (x,x). (This 
is called the reflexive closure of R.) Conversely, starting from a 
partial order, one can get a strict order by removing Id4. These 
next two results make this precise. 


Proposition B.24. Jf R is a strict order on A, then R* = RUId4 
is a partial order. Moreover, if R is a strict linear order, then R* is a 
linear order. 


Proof. Suppose R is a strict order, i.e., R C A” and R is irreflexive, 
asymmetric, and transitive. Let R* = R UId4. We have to show 
that R* is reflexive, anti-symmetric, and transitive. 

R* is clearly reflexive, since (x,x) € Id, C R* for all x € A. 

To show R* is anti-symmetric, suppose for reductio that R* xy 
and R*yx but x # y. Since (x,y) € RUIdy, but (x,y) ¢ Id4, we 
must have (x,y) € R, ie., Rxy. Similarly, Ryx. But this contra- 
dicts the assumption that R is asymmetric. 

To establish transitivity, suppose that R*xy and Ryz. If both 
(x,y) € R and (y,z) € R, then (x,z) € R since R is transitive. 
Otherwise, either (x,y) € Idy, ie., x = y, or (y,z) € Idy, ie., 
y = z. In the first case, we have that R*yz by assumption, x = y, 
hence R*xz. Similarly in the second case. In either case, R*xz, 
thus, R* is also transitive. 
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Concerning the “moreover” clause, suppose that R is also 
connected. So for all x # y, either Rxy or Ryx, ie., either (x,y) € 
R or (y,x) € R. Since R C R*, this remains true of R*, so R* is 
connected as well. Oo 


Proposition B.25. If R is a partial order on A, then R” = R \ Ida 
is a strict order. Moreover, if R is a linear order, then R~ is a strict 
linear order. 


Proof. This is left as an exercise. Oo 


The following simple result establishes that strict linear orders 
satisfy an extensionality-like property: 


Proposition B.26. If < is a strict linear order on A, then: 
(Va,b € A)((Vx € A)(x < acex<b)>a=)). 


Proof. Suppose (Vx € A)(x <aox < bd). Ifa < b, thena <a, 
contradicting the fact that < is irreflexive; so a < b. Exactly 
similarly, b ¢ a. So a = b, as < is connected. Oo 


B.5 Graphs 


A graph is a diagram in which points—called “nodes” or “ver- 
tices” (plural of “vertex”)—are connected by edges. Graphs are 
a ubiquitous tool in discrete mathematics and in computer sci- 
ence. They are incredibly useful for representing, and visualizing, 
relationships and structures, from concrete things like networks 
of various kinds to abstract structures such as the possible out- 
comes of decisions. There are many different kinds of graphs in 
the literature which differ, e.g., according to whether the edges 
are directed or not, have labels or not, whether there can be edges 
from a node to the same node, multiple edges between the same 
nodes, etc. Directed graphs have a special connection to relations. 
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Definition B.27 (Directed graph). A directed graph G = (V,E) 
is a set of vertices V and a set of edges EC V?. 


According to our definition, a graph just is a set together with 
a relation on that set. Of course, when talking about graphs, it’s 
only natural to expect that they are graphically represented: we 
can draw a graph by connecting two vertices v; and vg by an 
arrow iff (vj,v2) € E. The only difference between a relation by 
itself and a graph is that a graph specifies the set of vertices, i.e., a 
graph may have isolated vertices. The important point, however, 
is that every relation R on a set X can be seen as a directed graph 
(X,R), and conversely, a directed graph (V,) can be seen as a 
relation E C V? with the set V explicitly specified. 


Example B.28. The graph (V,£) with V = {1,2,3,4} and E = 
{(1,1), (1,2), (1,3), (2,3)} looks like this: 


©) 


This is a different graph than (V’,£) with V’ = {1,2,3}, which 
looks like this: 
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B.6 Operations on Relations 


It is often useful to modify or combine relations. In Proposi- 
tion B.24, we considered the union of relations, which is just the 
union of two relations considered as sets of pairs. Similarly, in 
Proposition B.25, we considered the relative difference of rela- 
tions. Here are some other operations we can perform on rela- 
tions. 


Definition B.29. Let R, S be relations, and A be any set. 

The inverse of R is R! = {(y,x) : (x,y) € R}. 

The relative product of R and S is (R | S) = {(x,z) : dy(Rxy A 
Syz)}. 

The restriction of R to Ais Rt y= RN A?. 

The application of R to Ais R[ A] = {y: (Ax € A)Rxy} 


Example B.30. Let S C Z? be the successor relation on Z, ie., 
S = {(x,y) 27 :x+1=y}, so that Sxy iff x+1= y. 
S~1 is the predecessor relation on Z, i.e., {(x,y) € Z?:*x-1= 
J}- 
S| Sis {(x,y) €Z?:*%+2=y} 
Sy is the successor relation on N. 
S[{1,2,3}] is {2,3,4}. 


Definition B.31 (Transitive closure). Let R ¢ A? be a binary 
relation. 

The transitive closure of R is R* = Upenen R", where we recur- 
sively define R1 = R and R"™*1 = R" | R. 

The reflexive transitive closure of R is R* = R* UIdy. 


Example B.32. Take the successor relation S C Z?. S?xy iff 
x+2=y, Sexy iff x+3 =, etc. So Stxy iff x +n = y for some 
n > 1. In other words, S*xy iff x < y, and S* xy iff x < y. 
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Problems 


Problem B.1. List the elements of the relation C on the set 


o({a,b,c}). 7 


Problem B.2. Give examples of relations that are (a) reflex- 
ive and symmetric but not transitive, (b) reflexive and anti- 
symmetric, (c) anti-symmetric, transitive, but not reflexive, and 
(d) reflexive, symmetric, and transitive. Do not use relations on 
numbers or sets. 


Problem B.3. Show that =, is an equivalence relation, for any 
n € N, and that N/z, has exactly n members. 


Problem B.4. Give a proof of Proposition B.25. 


Problem B.5. Consider the less-than-orequal-to relation < on 
the set {1,2,3,4} as a graph and draw the corresponding dia- 
gram. 


Problem B.6. Show that the transitive closure of R is in fact 
transitive. 


APPENDIX C 


Syntax and 
Semantics 


C.1 Introduction 


Propositional logic deals with formulas that are built from propo- 
sitional variables using the propositional connectives =, A, V, >, 
and ©. Intuitively, a propositional variable p stands for a sen- 
tence or proposition that is true or false. Whenever the “truth 
value” of the propositional variable in a formula is determined, 
so is the truth value of any formulas formed from them using 
propositional connectives. We say that propositional logic is truth 
functional, because its semantics is given by functions of truth val- 
ues. In particular, in propositional logic we leave out of consider- 
ation any further determination of truth and falsity, e.g., whether 
something is necessarily true rather than just contingently true, 
or whether something is known to be true, or whether something 
is true now rather than was true or will be true. We only consider 
two truth values true (T) and false (F), and so exclude from dis- 
cussion the possibility that a statement may be neither true nor 
false, or only half true. We also concentrate only on connectives 
where the truth value of a formula built from them is completely 
determined by the truth values of its parts (and not, say, on its 
meaning). In particular, whether the truth value of conditionals 
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in English is truth functional in this sense is contentious. The ma- 
terial conditional — is; other logics deal with conditionals that 
are not truth functional. 

In order to develop the theory and metatheory of truth- 
functional propositional logic, we must first define the syntax 
and semantics of its expressions. We will describe one way of 
constructing formulas from propositional variables using the con- 
nectives. Alternative definitions are possible. Other systems will 
choose different symbols, will select different sets of connectives 
as primitive, and will use parentheses differently (or even not 
at all, as in the case of so-called Polish notation). What all ap- 
proaches have in common, though, is that the formation rules 
define the set of formulas inductively. If done properly, every ex- 
pression can result essentially in only one way according to the 
formation rules. The inductive definition resulting in expressions 
that are uniquely readable means we can give meanings to these 
expressions using the same method—inductive definition. 

Giving the meaning of expressions is the domain of seman- 
tics. The central concept in semantics for propositional logic is 
that of satisfaction in a valuation. A valuation v assigns truth val- 
ues T, F to the propositional variables. Any valuation determines 
a truth value v(A) for any formula A. A formula is satisfied in 
a valuation v iff v(A) = T—we write this as v § A. This relation 
can also be defined by induction on the structure of A, using the 
truth functions for the logical connectives to define, say, satisfac- 
tion of A A B in terms of satisfaction (or not) of A and B. 

On the basis of the satisfaction relation v A for sentences 
we can then define the basic semantic notions of tautology, en- 
tailment, and satisfiability. A formula is a tautology, § A, if every 
valuation satisfies it, ie, 0(A) = T for any v. It is entailed by 
a set of formulas, I + A, if every valuation that satisfies all the 
formulas in I" also satisfies A. And a set of formulas is satisfi- 
able if some valuation satisfies all formulas in it at the same time. 
Because formulas are inductively defined, and satisfaction is in 
turn defined by induction on the structure of formulas, we can 
use induction to prove properties of our semantics and to relate 
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the semantic notions defined. 


C.2 Propositional Formulas 


Formulas of propositional logic are built up from propositional 
variables and the propositional constant using logical connectives. 


1. A countably infinite set Ato of propositional variables po, 
Pl, --- 


2. The propositional constant for falsity L. 


3. The logical connectives: = (negation), A (conjunction), V 
(disjunction), — (conditional) 


4. Punctuation marks: (, ), and the comma. 


We denote this language of propositional logic by Lo. 

In addition to the primitive connectives introduced above, 
we also use the following defined symbols: < (biconditional), T 
(truth) 

A defined symbol is not officially part of the language, but 
is introduced as an informal abbreviation: it allows us to abbre- 
viate formulas which would, if we only used primitive symbols, 
get quite long. This is obviously an advantage. The bigger ad- 
vantage, however, is that proofs become shorter. If a symbol is 
primitive, it has to be treated separately in proofs. The more 
primitive symbols, therefore, the longer our proofs. 

You may be familiar with different terminology and symbols 
than the ones we use above. Logic texts (and teachers) commonly 
use either ~, =, and! for “negation”, A, -, and & for “conjunction”. 
Commonly used symbols for the “conditional” or “implication” 
are —, =, and D. Symbols for “biconditional,” “bi-implication,” 
or “(material) equivalence” are ~, ©, and =. The 1 symbol is 
variously called “falsity,” “falsum,” “absurdity,” or “bottom.” The 
T symbol is variously called “truth,” “verum,” or “top.” 
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Definition C.1 (Formula). The set Frm(Z%o) of formulas of 
propositional logic is defined inductively as follows: 


1. Lis an atomic formula. 

2. Every propositional variable p; is an atomic formula. 
3. If A is a formula, then —A is a formula. 

4. If A and B are formulas, then (A A B) is a formula. 
5. If A and B are formulas, then (A V B) is a formula. 
6. If A and B are formulas, then (A — B) is a formula. 


7. Nothing else is a formula. 


The definition of formulas is an inductive definition. Essen- 
tially, we construct the set of formulas in infinitely many stages. 
In the initial stage, we pronounce all atomic formulas to be for- 
mulas; this corresponds to the first few cases of the definition, i-e., 
the cases for L, p;. “Atomic formula” thus means any formula of 
this form. 

The other cases of the definition give rules for constructing 
new formulas out of formulas already constructed. At the second 
stage, we can use them to construct formulas out of atomic for- 
mulas. At the third stage, we construct new formulas from the 
atomic formulas and those obtained in the second stage, and so 
on. A formula is anything that is eventually constructed at such 
a stage, and nothing else. 


Definition C.2. Formulas constructed using the defined opera- 
tors are to be understood as follows: 


1. T abbreviates —_L. 


2. A B abbreviates (A > B) A (B- A). 
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Definition C.3 (Syntactic identity). The symbol = expresses 
syntactic identity between strings of symbols, i.e., A = B iff A and 
B are strings of symbols of the same length and which contain 
the same symbol in each place. 


The = symbol may be flanked by strings obtained by con- 
catenation, e.g., A = (B V C) means: the string of symbols A is 
the same string as the one obtained by concatenating an opening 
parenthesis, the string B, the V symbol, the string C’,, and a clos- 
ing parenthesis, in this order. If this is the case, then we know 
that the first symbol of A is an opening parenthesis, A contains 
B as a substring (starting at the second symbol), that substring 
is followed by V, etc. 


C.3 Preliminaries 


Theorem C.4 (Principle of induction on formulas). If some 
property P holds for all the atomic formulas and is such that 


1. it holds for aA whenever it holds for A; 

2. it holds for (A A B) whenever it holds for A and B; 

3. it holds for (A V B) whenever it holds for A and B; 

4. it holds for (A — B) whenever it holds for A and B; 
then P holds for all formulas. 


Proof. Let S be the collection of all formulas with property P. 
Clearly S$ C Frm(Y%p). S satisfies all the conditions of Defini- 
tion C.1: it contains all atomic formulas and is closed under 
the logical operators. Frm(&o) is the smallest such class, so 
Frm(Zo) C S. So Frm(YLo) = S, and every formula has prop- 
erty P. o 
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Proposition C.5. Any formula in Frm(Lo) is balanced, in that it 
has as many left parentheses as right ones. 


Proposition C.6. No proper initial segment of a formula is a for- 
mula. 


Proposition C.7 (Unique Readability). Any formula A _ in 
Frm(Lo) has exactly one parsing as one of the following 


 heeealles 
2. Pn for some Pn € Ato. 


aB for some formula B. 


YS 


4. (BAC) for some formulas B and C. 


(BV C) for some formulas B and C. 


Sy Sh 


(B > C) for some formulas B and C. 


Moreover, this parsing is unique. 


Proof. By induction on A. For instance, suppose that A has two 
distinct readings as (B— C) and (B’ > C’). Then B and B’ must 
be the same (or else one would be a proper initial segment of the 
other); so if the two readings of A are distinct it must be because 
C and C’ are distinct readings of the same sequence of symbols, 
which is impossible by the inductive hypothesis. Oo 


Definition C.8 (Uniform Substitution). If A and B are formu- 
las, and p; is a propositional variable, then A[B/p;] denotes the 
result of replacing each occurrence of p; by an occurrence of B 
in A; similarly, the simultaneous substitution of pi, ..., Pn by 
formulas By, ..., B, is denoted by A[Bi/p1,...,Bn/ Pn]. 
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C.4 Formation Sequences 


Defining formulas via an inductive definition, and the comple- 
mentary technique of proving properties of formulas via induc- 
tion, is an elegant and efficient approach. However, it can also 
be useful to consider a more bottom-up, step-by-step approach to 
the construction of formulas, which we do here using the notion 
of a formation sequence. 


Definition C.g (Formation sequences for formulas). A finite 
sequence (Ao,...,A,) of strings of symbols from the language Lo 
is a formation sequence for A if A = A, and for all i < n, either A; 
is an atomic formula or there exist j,k < i such that one of the 
following holds: 


1. A; = aA. 
2. A; = (A; A Ax). 
3: A; = (A; V Ax). 


4. A; = (A; — Ax). 
Example C.10. 
(Po, Pi,(P1 A Po),7(P1 A Po)) 
is a formation sequence of —(p; A fo), as is 


(Po. P15 Po. (P1 A Po), (Po — P1),7(P1 A Po)). 


As can be seen from the second example, formation sequences 
may contain ‘junk’: formulas which are redundant or do not con- 
tribute to the construction. 


Proposition C.11. Every formula A in Frm(Lo) has a formation 
sequence. 
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Proof. Suppose A is atomic. Then the sequence (A) is a forma- 
tion sequence for A. Now suppose that B and C’ have formation 
sequences (Bo,...,B,) and (Co,...,Cm) respectively. 


1. If A = 7B, then (Bo,...,Bn,7B,) is a formation sequence 
for A. 


2. If A= (BAC), then (Bo,...,Bn,Co,.--,Cm,( Ba A Cm)) is a 
formation sequence for A. 


3. If A= (BVOC), then (Bo,...,Bn,Co,..-,Cm,( Ba V Cm)) is a 
formation sequence for A. 


4. If A= (BC), then (Bo,...,Bn,Co,.--, Cm, (Bn — Cn)) is 
a formation sequence for A. 


By the principle of induction on formulas, every formula has a 
formation sequence. Oo 


We can also prove the converse. This is important because 
it shows that our two ways of defining formulas are equivalent: 
they give the same results. It also means that we can prove the- 
orems about formulas by using ordinary induction on the length 
of formation sequences. 


Lemma C.12. Suppose that (Ao,...,An) is a formation sequence 
for An, and that k < n. Then (Ao,...,Ax) is a formation sequence 


for Ax. 


Theorem C.13. Frm(YLo) is the set of all expressions (strings of sym- 
bols) in the language Lo with a formation sequence. 


Proof. Let F be the set of all strings of symbols in the language Lo 
that have a formation sequence. We have seen in Proposition C.11 
that Frm(YZo) C F, so now we prove the converse. 

Suppose A has a formation sequence (Ao,...,A,). We prove 
that A ¢ Frm(Yo) by strong induction on n. Our induction hy- 
pothesis is that every string of symbols with a formation sequence 
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of length m < n is in Frm(Y). By the definition of a formation 
sequence, either A, is atomic or there must exist j,k < n such 
that one of the following is the case: 


1. A; = 7A ;. 


2. A; = (Aj A Aj). 


. Aj 
3. A; = (A; V Ax). 
. Aj 


4. Aj = (Aj — Ax). 


Now we reason by cases. If A, is atomic then A, € Frm(Y). Sup- 
pose instead that A = (A;AAx). By Lemma C.12, (Ao,...,A;) and 
(Ao,...,Ax) are formation sequences for A; and A; respectively. 
Since these are proper initial subsequences of the formation se- 
quence for A, they both have length less than n. Therefore by the 
induction hypothesis, A; and Az are in Frm(YZ), and so by the 
definition of a formula, so is (A; \ Ay). The other cases follow 
by parallel reasoning. Oo 


C.5 Valuations and Satisfaction 


Definition C.14 (Valuations). Let {T,F} be the set of the two 
truth values, “true” and “false.” A valuation for Lo is a func- 
tion v assigning either T or F to the propositional variables of 
the language, i.e., v: Ato — {T,F}. 


Definition C.15. Given a valuation v, define the evaluation 
function v: Frm(YLo) — {T,F} inductively by: 

o(L) = 

(Pn) = (Pn); 
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ca fT #04) =F 
ee F otherwise. 
‘AK BY= T if o(A) =T and 0(B) =T; 
~ Rif (A) =For 0(B) =F. 
(AV B) = T if o(A) =T or o(B) =T; 
i ~ |B if B(A) =Fand 3(B) =F. 
(A> B) = T if o(A) =F or 0(B) =T; 
. if D(A) = T and 3(B) =F. 


The clauses correspond to the following truth tables: 


A BI|ANB||[A Bl AVB 
A || 7A T T TT T 
Tl] oF T FE F T F T 
F|| T F T F FT T 
F FE F F F F 

A Bl A>B 

T T 

T F F 

FT T 

F F T 


Theorem C.16 (Local Determination). Suppose that v1 and v9 
are valuations that agree on the propositional letters occurring in A, i.e., 
V1(Pn) = V2(Pn) whenever Py occurs in some formula A. Then 0; and 
D2 also agree on A, i.¢., 01(A) = 09(A). 


Proof. By induction on A. Oo 
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Definition C.17 (Satisfaction). We can inductively define the 
notion of satisfaction of a formula A by a valuation v, v & A, as 
follows. (We write v ¥ A to mean “not v F A.”) 


1.421: VEA, 

2, A=p;: vEA iff v(p;) =T. 

3. A=FB: ve Aiffve B. 

4. A=(BAC): vEAiffvr Bandve C. 

5. A=(BVC): ve Aiffvr Borve C (or both). 
6. A=(B-C): ve Aiffv xe Bor ve C (or both). 


If I’ is a set of formulas, v I’ iff v & A for every A €T. 


Proposition C.18. v § A iffv(A) =T. 


Proof. By induction on A. Oo 


C.6 Semantic Notions 


We define the following semantic notions: 


Definition C.1g9. 1. A formula A is satisfiable if for some v, 
v & A; it is unsatisfiable if for no v, v F A; 


2. A formula A is a tautology if v § A for all valuations v; 


3. A formula A is contingent if it is satisfiable but not a tautol- 
O8ys 


4. If © is a set of formulas, [ + A (“I entails A”) if and only 
if v — A for every valuation v for which v F I’. 
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5. If is a set of formulas, I is satisfiable if there is a valua- 
tion v for which ve I, and I is unsatisfiable otherwise. 


Proposition C.20. 1. A is a tautology if and only if @ & A; 
2. ff & Aandr te AB thenl & B; 
3. IfT is satisfiable then every finite subset of I is also satisfiable; 
4. Monotonicity: if! C A andI'& A then also At A; 


5. Transitivity: if & A and AU {A} & B thenT UAr B. 


Proof. Exercise. Oo 


Proposition C.21. [+ A ifand only ifT U {7A} is unsatisfiable. 
Proof. Exercise. Oo 
Theorem C.22 (Semantic Deduction Theorem). [ — A > B 
if and only iff U {A} & B. 


Proof. Exercise. Oo 


Problems 
Problem C.1. Prove Proposition C.5 
Problem C.2. Prove Proposition C.6 


Problem C.3. For each of the five formulas below determine 
whether the formula can be expressed as a substitution A[B/p;] 
where A is (i) Po; (ii) (~Po A Pi); and (iii) ((>P0 > Pi) A pe). In 
each case specify the relevant substitution. 


1. Py 
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2. (=P9 A Po) 

3- ((Po V Pi) A P2) 

4. >((Po — Pr) A pa) 

5» ((>(Po > Pi) > (Po V P1)) A >(P0 A P1)) 


Problem C.4. Give a mathematically rigorous definition of 
A[B/p] by induction. 


Problem C.5. Consider adding to L%o a ternary connective > 
with evaluation given by 


0(B) if 0(A) =T; 
mej Us 

v(C)_ if o(A) =F. 
Write down the truth table for this connective. 


Problem C.6. Prove Proposition C.18 


Problem C.7. For each of the following four formulas determine 
whether it is (a) satisfiable, (b) tautology, and (c) contingent. 


1. (po > (>P1 > 7Po)). 
2. ((Po A >P1) > (Po A P2))  ((P2 > Po) — (Po — 1). 
3- (Po © Pi) > (p2 7/1). 
4- ((Po  (>P1 A P2)) V (P2 > (Po © P1))). 
Problem C.8. Prove Proposition C.20 
Problem C.g. Prove Proposition C.21 


Problem C.10. Prove Theorem C.22 


APPENDIX D 


Axiomatic 
Derivations 


D.1 Introduction 


Logics commonly have both a semantics and a derivation system. 
The semantics concerns concepts such as truth, satisfiability, va- 
lidity, and entailment. The purpose of derivation systems is to 
provide a purely syntactic method of establishing entailment and 
validity. They are purely syntactic in the sense that a derivation 
in such a system is a finite syntactic object, usually a sequence 
(or other finite arrangement) of sentences or formulas. Good 
derivation systems have the property that any given sequence or 
arrangement of sentences or formulas can be verified mechani- 
cally to be “correct.” 

The simplest (and historically first) derivation systems for 
first-order logic were axiomatic. A sequence of formulas counts 
as a derivation in such a system if each individual formula in it 
is either among a fixed set of “axioms” or follows from formulas 
coming before it in the sequence by one of a fixed number of “in- 
ference rules’—and it can be mechanically verified if a formula 
is an axiom and whether it follows correctly from other formulas 
by one of the inference rules. Axiomatic derivation systems are 
easy to describe—and also easy to handle meta-theoretically— 
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but derivations in them are hard to read and understand, and 
are also hard to produce. 

Other derivation systems have been developed with the aim 
of making it easier to construct derivations or easier to under- 
stand derivations once they are complete. Examples are natural 
deduction, truth trees, also known as tableaux proofs, and the se- 
quent calculus. Some derivation systems are designed especially 
with mechanization in mind, e.g., the resolution method is easy 
to implement in software (but its derivations are essentially im- 
possible to understand). Most of these other derivation systems 
represent derivations as trees of formulas rather than sequences. 
This makes it easier to see which parts of a derivation depend on 
which other parts. 

So for a given logic, such as first-order logic, the different 
derivation systems will give different explications of what it is for 
a sentence to be a theorem and what it means for a sentence to be 
derivable from some others. However that is done (via axiomatic 
derivations, natural deductions, sequent derivations, truth trees, 
resolution refutations), we want these relations to match the se- 
mantic notions of validity and entailment. Let’s write + A for “A is 
a theorem” and “/’ + A” for “A is derivable from I.” However 
+ is defined, we want it to match up with F, that is: 


1. + Aif and only if + A 
2. [+ Aif and only if + A 


The “only if” direction of the above is called soundness. A deriva- 
tion system is sound if derivability guarantees entailment (or va- 
lidity). Every decent derivation system has to be sound; unsound 
derivation systems are not useful at all. After all, the entire pur 
pose of a derivation is to provide a syntactic guarantee of validity 
or entailment. We’ll prove soundness for the derivation systems 
we present. 

The converse “if” direction is also important: it is called com- 
pleteness. A complete derivation system is strong enough to show 
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that A is a theorem whenever A is valid, and that [ + A when- 
ever [+ A. Completeness is harder to establish, and some logics 
have no complete derivation systems. First-order logic does. Kurt 
Gédel was the first one to prove completeness for a derivation 
system of first-order logic in his 1929 dissertation. 

Another concept that is connected to derivation systems is 
that of consistency. A set of sentences is called inconsistent if any- 
thing whatsoever can be derived from it, and consistent other- 
wise. Inconsistency is the syntactic counterpart to unsatisfiablity: 
like unsatisfiable sets, inconsistent sets of sentences do not make 
good theories, they are defective in a fundamental way. Consis- 
tent sets of sentences may not be true or useful, but at least they 
pass that minimal threshold of logical usefulness. For different 
derivation systems the specific definition of consistency of sets of 
sentences might differ, but like +, we want consistency to coincide 
with its semantic counterpart, satisfiability. We want it to always 
be the case that I’ is consistent if and only if it is satisfiable. Here, 
the “if” direction amounts to completeness (consistency guaran- 
tees satisfiability), and the “only if” direction amounts to sound- 
ness (satisfiability guarantees consistency). In fact, for classical 
first-order logic, the two versions of soundness and completeness 
are equivalent. 


D.2 Axiomatic Derivations 


Axiomatic derivations are the oldest and simplest logical deriva- 
tion systems. Its derivations are simply sequences of sentences. 
A sequence of sentences counts as a correct derivation if every 
sentence A in it satisfies one of the following conditions: 


1. Ais an axiom, or 
2. Ais an element of a given set I of sentences, or 


3. A is justified by a rule of inference. 
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To be an axiom, A has to have the form of one of a number of fixed 
sentence schemas. There are many sets of axiom schemas that 
provide a satisfactory (sound and complete) derivation system for 
first-order logic. Some are organized according to the connectives 
they govern, e.g., the schemas 


A—(B— A) B-(BVC) (BAC)->B 


are common axioms that govern —, V and A. Some axiom sys- 
tems aim at a minimal number of axioms. Depending on the 
connectives that are taken as primitives, it is even possible to 
find axiom systems that consist of a single axiom. 

A rule of inference is a conditional statement that gives a 
sufficient condition for a sentence in a derivation to be justified. 
Modus ponens is one very common such rule: it says that if A 
and A — B are already justified, then B is justified. This means 
that a line in a derivation containing the sentence B is justified, 
provided that both A and A — B (for some sentence A) appear 
in the derivation before B. 

The + relation based on axiomatic derivations is defined as 
follows: [+ A iff there is a derivation with the sentence A as 
its last formula (and I is taken as the set of sentences in that 
derivation which are justified by (2) above). A is a theorem if A 
has a derivation where I" is empty, i.e., every sentence in the 
derivation is justified either by (1) or (3). For instance, here is 
a derivation that shows that + A — (B > (B v A)): 


1. B-(BVA) 
2. (B-(BV A)) > (A> (B> (BV 4))) 
3. A>(B-(BVA)) 


The sentence on line 1 is of the form of the axiom A —> (A V B) 
(with the roles of A and B reversed). The sentence on line 2 is of 
the form of the axiom A— (B— 4A). Thus, both lines are justified. 
Line 3 is justified by modus ponens: if we abbreviate it as D, then 
line 2 has the form C — D, where C is B > (B V A), ie., line 1. 
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A set I is inconsistent if [ + L. A complete axiom system 
will also prove that . — A for any A, and so if I is inconsistent, 
then [+ A for any A. 

Systems of axiomatic derivations for logic were first given by 
Gottlob Frege in his 1879 Begriffsschrift, which for this reason is 
often considered the first work of modern logic. They were per- 
fected in Alfred North Whitehead and Bertrand Russell’s Prin- 
cipia Mathematica and by David Hilbert and his students in the 
1920s. They are thus often called “Frege systems” or “Hilbert 
systems.” They are very versatile in that it is often easy to find 
an axiomatic system for a logic. Because derivations have a very 
simple structure and only one or two inference rules, it is also rel- 
atively easy to prove things about them. However, they are very 
hard to use in practice, i.e., it is difficult to find and write proofs. 


D.3 Rules and Derivations 


Axiomatic derivations are perhaps the simplest derivation system 
for logic. A derivation is just a sequence of formulas. To count 
as a derivation, every formula in the sequence must either be an 
instance of an axiom, or must follow from one or more formulas 
that precede it in the sequence by a rule of inference. A derivation 
derives its last formula. 


Definition D.1 (Derivability). If I is a set of formulas of &% 
then a derivation from I is a finite sequence Aj, ..., A, of formulas 
where for each i < n one of the following holds: 


1. A; € I; or 
2. A; is an axiom; or 


3. A; follows from some A; (and A;) with j < i (and k < i) 
by a rule of inference. 


What counts as a correct derivation depends on which infer- 
ence rules we allow (and of course what we take to be axioms). 
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And an inference rule is an if-then statement that tells us that, 
under certain conditions, a step A; in a derivation is a correct 
inference step. 


Definition D.2 (Rule of inference). A rule of inference gives a 
sufficient condition for what counts as a correct inference step in 
a derivation from I. 


For instance, since any one-element sequence A with A € [ 
trivially counts as a derivation, the following might be a very 
simple rule of inference: 


If A € J, then A is always a correct inference step in 
any derivation from I’. 


Similarly, if A is one of the axioms, then A by itself is a derivation, 
and so this is also a rule of inference: 


If A is an axiom, then A is a correct inference step. 


It gets more interesting if the rule of inference appeals to formulas 
that appear before the step considered. The following rule is 
called modus ponens: 


If B — A and B occur higher up in the derivation, 
then A is a correct inference step. 


If this is the only rule of inference, then our definition of deriva- 
tion above amounts to this: Aj, ..., A, is a derivation iff for each 
i <n one of the following holds: 


1. A; € I; or 
2. A; is an axiom; or 


3. for some j < i, A; is B — Aj, and for some k < i, Ax is B. 
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The last clause says that A; follows from A; (B) and A; (B— A;) 
by modus ponens. If we can go from 1 to n, and each time we 
find a formula A; that is either in [, an axiom, or which a rule of 
inference tells us that it is a correct inference step, then the entire 
sequence counts as a correct derivation. 


Definition D.3 (Derivability). A formula A is derivable from I, 
written [+ A, if there is a derivation from I’ ending in A. 


Definition D.4 (Theorems). A formula A is a theorem if there 
is a derivation of A from the empty set. We write + A if A is a 
theorem and ¥ A if it is not. 


D.4 Axiom and Rules for the Propositional 
Connectives 


Definition D.5 (Axioms). The set of Axo of axioms for the 
propositional connectives comprises all formulas of the following 
forms: 


(AAB)—>A (D.1) 
(AAB)—>B (D.2) 
A—(B-(AAB)) (D.3) 
A— (Av B) (D.4) 
A— (BV A) (D.5) 
(A> C) > ((B> C) > (AV B)-C)) (D.6) 
A—(B- A) (D.7) 
(A> (B>C)) —> ((A> B) > (A 0C)) (D.8) 
(A > B) — ((A > 7B) — 7A) (D.9) 
AA > (A> B) (D.10) 


T (D.11) 
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LOA (D.12) 
(A— 1) 7A (D.13) 
anA—> A (D.14) 


Definition D.6 (Modus ponens). If B and B—A already occur 
in a derivation, then A is a correct inference step. 


We'll abbreviate the rule modus ponens as “MP.” 


D.5 Examples of Derivations 


Example D.7. Suppose we want to prove (=~DV EF) > (D— E). 
Clearly, this is not an instance of any of our axioms, so we have 
to use the Mp rule to derive it. Our only rule is MP, which given 
A and A— B allows us to justify B. One strategy would be to use 
eq. (D.6) with A being =D, B being F, and C being D — BE, i-e., 
the instance 


(-D— (D— E))> ((E> (D> E£)) > ((ADV E) > (D— B))). 


Why? Two applications of MP yield the last part, which is what 
we want. And we easily see that =D — (D — E) is an instance of 
eq. (D.10), and EF > (D => E) is an instance of eq. (D.7). So our 
derivation is: 


1. AD (D-E) eq. (D.10) 
2. (AD->(D-E))-> 
(E> (D—- E)) > (ADV E) > (D— E€))) eq. (D.6) 


3. ((E> (D> E)) > ((AD Vv E) > (D> B)) 1, 2, MP 
4. E> (D-E) eq. (D.7) 
5. (-DVE)> (DE) 3, 4, MP 


Example D.8. Let’s try to find a derivation of D—D. It is not an 
instance of an axiom, so we have to use MP to derive it. eq. (D.7) 
is an axiom of the form A — B to which we could apply mp. To 
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be useful, of course, the B which mp would justify as a correct 
step in this case would have to be D — D, since this is what we 
want to derive. That means A would also have to be D, i.e., we 
might look at this instance of eq. (D.7): 


D-(D—-D) 


In order to apply MP, we would also need to justify the corre- 
sponding second premise, namely A. But in our case, that would 
be D, and we won't be able to derive D by itself. So we need a 
different strategy. 

The other axiom involving just — is eq. (D.8), ice., 


(A> (B>C€)) > (A> B)> (A> €)) 


We could get to the last nested conditional by applying Mp twice. 
Again, that would mean that we want an instance of eq. (D.8) 
where A — C is D — D, the formula we are aiming for. Then of 
course, A and C are both D. How should we pick B so that both 
A- (B—-C) and A - B, ie., in our case D > (B > D) and 
D — B, are also derivable? Well, the first of these is already an 
instance of eq. (D.7), whatever we decide B to be. And D— B 
would be another instance of eq. (D.7) if B were (D — D). So, 
our derivation is: 


1. D->((D—D)—D) eq. (D.7) 
2. (D> ((D—D)—D))—- 
((D—> (D—D))—- (D—D))_ eq. (D.8) 


3. (D>(D-D))- (DD) 1, 2, MP 
4. D-(D-D) eq. (D.7) 
5. DoD 3) 4, MP 


Example D.9. Sometimes we want to show that there is a deriva- 
tion of some formula from some other formulas I’. For instance, 
let’s show that we can derive A > C from [ = {A— B,B > C}. 
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1A-B Hyp 
2 BoC Hyp 
3. (BC) (A> (B-0C)) eq. (D.7) 
4. A>(B-C) 2, 3, MP 
5. (A> (B>C))> 

(A> B) > (A-C)) eq. (D.8) 
6. ((A>B)> (A> 0)) 4y 5» MP 
7, A-C 1, 6, MP 


The lines labelled “Hyp” (for “hypothesis”) indicate that the for- 
mula on that line is an element of I’. 


Proposition D.10. [f/f + A> BandI+ BC, thenT + AMC 


Proof. Suppose [+ A> BandI+ BC. Then there is a deriva- 
tion of A— B from I; and a derivation of B > C from I as well. 
Combine these into a single derivation by concatenating them. 
Now add lines 3-7 of the derivation in the preceding example. 
This is a derivation of A — C—which is the last line of the new 
derivation—from I. Note that the justifications of lines 4 and 7 
remain valid if the reference to line number 2 is replaced by ref- 
erence to the last line of the derivation of A — B, and reference 
to line number 1 by reference to the last line of the derivation 
of BC. Oo 


D.6 Proof-Theoretic Notions 


Just as we’ve defined a number of important semantic notions 
(tautology, entailment, satisfiability), we now define correspond- 
ing proof-theoretic notions. These are not defined by appeal to satis- 
faction of sentences in structures, but by appeal to the derivability 
or non-derivability of certain formulas. It was an important dis- 
covery that these notions coincide. That they do is the content 
of the soundness and completeness theorems. 
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Definition D.11 (Derivability). A formula A is derivable from 
I’, written [+ A, if there is a derivation from I ending in A. 


Definition D.12 (Theorems). A formula A is a theorem if there 
is a derivation of A from the empty set. We write + A if A is a 
theorem and ¥ A if it is not. 


Definition D.13 (Consistency). A set I of formulas is consis- 
tent if and only if I’ ¥ 1; it is inconsistent otherwise. 


Proposition D.14 (Reflexivity). [fA «I, then + A. 


Proof. The formula A by itself is a derivation of A from I. Oo 


Proposition D.15 (Monotonicity). [f[ C 4 andTI + A, then 
ALA. 


Proof. Any derivation of A from I is also a derivation of A 
from J. O 


Proposition D.16 (Transitivity). [ff + A and{A}UAt B, then 
DUA ESB: 


Proof. Suppose {A} U 4+ B. Then there is a derivation By, ..., 
B, = B from {A} U 4. Some of the steps in that derivation will be 
correct because of a rule which refers to a prior line B; = A. By 
hypothesis, there is a derivation of A from I, i.e., a derivation A}, 
..., Ag, = A where every A; is an axiom, an element of I’, or 
correct by a rule of inference. Now consider the sequence 


Ay,..., Ag = A, By,...,B, = B. 


This is a correct derivation of B from I U JA since every B; = A 
is now justified by the same rule which justifies A; = A. Oo 
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Note that this means that in particular if [+ A and At B, 
then J+ B. It follows also that if A1,...,4, + Band TJ + A; for 
each i, then J+ B. 


Proposition D.17. I" is inconsistent iff [ + A for every A. 


Proof. Exercise. Oo 


Proposition D.18 (Compactness). 1. If + A then there is a 
finite subset [9 CT’ such that I + A. 


2. If every finite subset of I’ is consistent, then I is consistent. 


Proof. 1. If I+ A, then there is a finite sequence of formulas 
Ay, ..., A, so that A = A, and each 4; is either a logical 
axiom, an element of I or follows from previous formulas 
by modus ponens. Take / to be those A; which are in I. 
Then the derivation is likewise a derivation from Io, and 
solgt A. 


2. This is the contrapositive of (1) for the special case A = LL. 
O 


D.7 The Deduction Theorem 


As we've seen, giving derivations in an axiomatic system is cum- 
bersome, and derivations may be hard to find. Rather than actu- 
ally write out long lists of formulas, it is generally easier to argue 
that such derivations exist, by making use of a few simple results. 
We’ve already established three such results: Proposition D.14 
says we can always assert that J. + A when we know that A «I. 
Proposition D.15 says that if [ + A then also [ U {B} + A. And 
Proposition D.16 implies that if 7+ A and A+ B, then I+ B. 
Here’s another simple result, a “meta”-version of modus ponens: 
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Proposition D.19. [ff + A andl +} AB, thenT'+ B. 


Proof. We have that {A,A — B} + B: 


1, A Hyp. 

2. A—B_ Hyp. 

3. B 1, 2, MP 

By Proposition D.16, [+ B. Oo 


The most important result we'll use in this context is the de- 
duction theorem: 


Theorem D.20 (Deduction Theorem). [U{A} + B ifand only 
if + A—B. 


Proof. The “if” direction is immediate. If [ + A — B then also 
I U{A} + A > B by Proposition D.15. Also, [ U {A} + A by 
Proposition D.14. So, by Proposition D.19, F U {A} + B. 

For the “only if” direction, we proceed by induction on the 
length of the derivation of B from I U {A}. 

For the induction basis, we prove the claim for every deriva- 
tion of length 1. A derivation of B from I U {A} of length 1 
consists of B by itself; and if it is correct B is either €¢ TU {A} 
or is an axiom. If B € T or is an axiom, then [+ B. We also 
have that [ + B — (A — B) by eq. (D.7), and Proposition D.19 
gives [+ A— B. If B € {A} then + A— B because then last 
sentence A — B is the same as A — A, and we have derived that 
in Example D.8. 

For the inductive step, suppose a derivation of B from 'U {A} 
ends with a step B which is justified by modus ponens. (If it 
is not justified by modus ponens, B ¢ I, B = A, or B is an 
axiom, and the same reasoning as in the induction basis applies.) 
Then some previous steps in the derivation are C — B and C, for 
some formula C, i., [ U{A} + C > Band I U {A} + C, and 
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the respective derivations are shorter, so the inductive hypothesis 
applies to them. We thus have both: 


Trtrta->(C—-B); 
Tra. 


But also 
Tt(A>(C>B)) > ((A>C) > (A B)), 


by eq. (D.8), and two applications of Proposition D.19 give [+ 
A— B, as required. Oo 


Notice how eq. (D.7) and eq. (D.8) were chosen precisely so 
that the Deduction Theorem would hold. 

The following are some useful facts about derivability, which 
we leave as exercises. 


Proposition D.21. 1.¢+ (A> B)> ((B> C) > (A C0); 
2. Iff U{AA} + aB then U{B} + A (Contraposition); 
3. {4,74} + B (Ex Falso Quodlibet, Explosion); 
4. {273A} + A (Double Negation Elimination); 


5. fT + 5A then + A; 


D.8  Derivability and Consistency 


We will now establish a number of properties of the derivability 
relation. They are independently interesting, but each will play 
a role in the proof of the completeness theorem. 


Proposition D.22. [ff + A andT U {A} is inconsistent, then I’ is 
inconsistent. 
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Proof. If I U {A} is inconsistent, then [ U {A} + L. By Proposi- 
tion D.14, + B for every B € I. Since also [+ A by hypothesis, 
I+ B for every B € TU {A}. By Proposition D.16, F + 1, ie. F 
is inconsistent. Oo 


Proposition D.23. [+ A iffl U {7A} is inconsistent. 


Proof. First suppose [ + A. Then I U {7A} + A by Proposi- 
tion D.15. [ U {=A} + =A by Proposition D.14. We also have 
+ =A — (A — 1) by eq. (D.10). So by two applications of Propo- 
sition D.19, we have [ U {AA} L. 

Now assume I U {-4} is inconsistent, ie., 1 U {AA} + L. By 
the deduction theorem, [ + =A > 1. [+ (34 —> 1) — 777A by 
eq. (D.13), so [+ =A by Proposition D.19. Since F + AA — A 
(eq. (D.14)), we have [+ A by Proposition D.19 again. Oo 


Proposition D.24. [ff + A and-=A €T, thenT is inconsistent. 


Proof. [ + ~A—(A— 1) by eq. (D.10). + by two applications 
of Proposition D.19. Oo 


Proposition D.25. [fT U {A} andT U {=A} are both inconsistent, 
then I’ is inconsistent. 


Proof. Exercise. Oo 


D.g Derivability and the Propositional 
Connectives 


We establish that the derivability relation + of axiomatic deduc- 
tion is strong enough to establish some basic facts involving the 
propositional connectives, such as that AAB+ Aand A,A—Bt B 
(modus ponens). These facts are needed for the proof of the com- 
pleteness theorem. 
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Proof. 1. From eq. (D.1) and eq. (D.1) by modus ponens. 


2. From eq. (D.3) by two applications of modus ponens. Oo 


Proof. 1. From eq. (D.g) we get } aA > (A> L) andt ~B—> 
(B — 1). So by the deduction theorem, we have {=A} + 
A— Land {=B} + BL. From eq. (D.6) we get {=A,-B} + 
(AVB)— LL. By the deduction theorem, {AVB,7A,7B} + 1. 


2. From eq. (D.4) and eg. (D.5) by modus ponsens. Oo 


Proof. 1. We can derive: 


2. By eq. (D.10) and eq. (D.7) and the deduction theorem, 
respectively. Oo 
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D.10 Soundness 


A derivation system, such as axiomatic deduction, is sound if 
it cannot derive things that do not actually hold. Soundness is 
thus a kind of guaranteed safety property for derivation systems. 
Depending on which proof theoretic property is in question, we 
would like to know for instance, that 


1. every derivable A is valid; 


2. if A is derivable from some others I, it is also a conse- 
quence of them; 


3. if a set of formulas I is inconsistent, it is unsatisfiable. 


These are important properties of a derivation system. If any of 
them do not hold, the derivation system is deficient—it would 
derive too much. Consequently, establishing the soundness of 
a derivation system is of the utmost importance. 


Proposition D.29. [fA is an axiom, thenv § A for each valuation v. 


Proof. Do truth tables for each axiom to verify that they are tau- 
tologies. q 


Theorem D.30 (Soundness). [f['+ A thenI'§ A. 


Proof. By induction on the length of the derivation of A from I. 
If there are no steps justified by inferences, then all formulas in 
the derivation are either instances of axioms or are in I. By the 
previous proposition, all the axioms are tautologies, and hence if 
A is an axiom then /'f A. If A € I, then trivially [+ A. 

If the last step of the derivation of A is justified by modus 
ponens, then there are formulas B and B — A in the derivation, 
and the induction hypothesis applies to the part of the derivation 
ending in those formulas (since they contain at least one fewer 
steps justified by an inference). So, by induction hypothesis, 
Band + B—A. Then I ¢ A by Theorem C.22. 
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Corollary D.31. [ft A, then A is a tautology. 


Corollary D.32. [fT is satisfiable, then it is consistent. 


Proof. We prove the contrapositive. Suppose that I is not con- 
sistent. Then [+ 1, ie., there is a derivation of 1 from I’. By 
Theorem D.30, any valuation v that satisfies [ must satisfy L. 
Since v ¥ 1 for every valuation v, no v can satisfy I’, i.e., I is 
not satisfiable. Oo 


Problems 


Problem D.1. Show that the following hold by exhibiting deriva- 
tions from the axioms: 


1. (AA B)—> (BAA) 
2. ((AAB)>C)—> (A> (B- C)) 
3. aA(AV B) > AA 
Problem D.2. Prove Proposition D.17. 
Problem D.3. Prove Proposition D.21 
Problem D.4. Prove that [+ =A iff [ U {A} is inconsistent. 


Problem D.5. Prove Proposition D.25 
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Tableaux 


E.1 Tableaux 


While many derivation systems operate with arrangements of sen- 
tences, tableaux operate with signed formulas. A signed formula 
is a pair consisting of a truth value sign (T or F) and a sentence 


TA or FA. 


A tableau consists of signed formulas arranged in a downward- 
branching tree. It begins with a number of assumptions and con- 
tinues with signed formulas which result from one of the signed 
formulas above it by applying one of the rules of inference. Each 
rule allows us to add one or more signed formulas to the end 
of a branch, or two signed formulas side by side—in this case a 
branch splits into two, with the two added signed formulas form- 
ing the ends of the two branches. 

A rule applied to a complex signed formula results in the 
addition of signed formulas which are immediate sub-formulas. 
They come in pairs, one rule for each of the two signs. For in- 
stance, the AT rule applies to TA A B, and allows the addition 
of both the two signed formulas T A and T B to the end of any 
branch containing T A A B, and the rule A A BF allows a branch 
to be split by adding F A and F B side-by-side. A tableau is closed 
if every one of its branches contains a matching pair of signed 
formulas T A and F A. 
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The + relation based on tableaux is defined as follows: [+ A 
iff there is some finite set Jy = {Bi,...,B,} C I such that there 
is a closed tableau for the assumptions 


{F A,T By,...,T By} 


For instance, here is a closed tableau that shows that + (AAB)—A: 


1. F(AAB)-A Assumption 
Q. TAAB >F1 
3. FA —>F1 
4. TA —T2 
5. TB —T2 
® 


A set I is inconsistent in the tableau calculus if there is a 
closed tableau for assumptions 


{T By,...,T Bra} 


for some B; € T. 

Tableaux were invented in the 1950s independently by Ev- 
ert Beth and Jaakko Hintikka, and simplified and popularized 
by Raymond Smullyan. They are very easy to use, since con- 
structing a tableau is a very systematic procedure. Because of 
the systematic nature of tableaux, they also lend themselves to 
implementation by computer. However, a tableau is often hard 
to read and their connection to proofs are sometimes not easy to 
see. The approach is also quite general, and many different logics 
have tableau systems. Tableaux also help us to find structures that 
satisfy given (sets of) sentences: if the set is satisfiable, it won’t 
have a closed tableau, i.e., any tableau will have an open branch. 
The satisfying structure can be “read off” an open branch, pro- 
vided every rule it is possible to apply has been applied on that 
branch. There is also a very close connection to the sequent cal- 
culus: essentially, a closed tableau is a condensed derivation in 
the sequent calculus, written upside-down. 
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E.2 Rules and Tableaux 


A tableau is a systematic survey of the possible ways a sentence 
can be true or false in a structure. The building blocks of a 
tableau are signed formulas: sentences plus a truth value “sign,” 
either T or F. These signed formulas are arranged in a (down- 
ward growing) tree. 


Definition E.1. A signed formula is a pair consisting of a truth 
value and a sentence, i.e., either: 


TA or FA. 


Intuitively, we might read T A as “A might be true” and F A 
as “A might be false” (in some structure). 

Each signed formula in the tree is either an assumption (which 
are listed at the very top of the tree), or it is obtained from 
a signed formula above it by one of a number of rules of in- 
ference. There are two rules for each possible main operator of 
the preceding formula, one for the case where the sign is T, and 
one for the case where the sign is F. Some rules allow the tree to 
branch, and some only add signed formulas to the branch. A rule 
may be (and often must be) applied not to the immediately pre- 
ceding signed formula, but to any signed formula in the branch 
from the root to the place the rule is applied. 

A branch is closed when it contains both T A and F A. A closed 
tableau is one where every branch is closed. Under the intuitive 
interpretation, any branch describes a joint possibility, but T A 
and F A are not jointly possible. In other words, if a branch is 
closed, the possibility it describes has been ruled out. In partic- 
ular, that means that a closed tableau rules out all possibilities 
of simultaneously making every assumption of the form T A true 
and every assumption of the form F A false. 

A closed tableau for A is a closed tableau with root F A. If 
such a closed tableau exists, all possibilities for A being false have 
been ruled out; i.e., A must be true in every structure. 
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E.3 Propositional Rules 


Rules for = 


TAA 
FA 


aT 


Rules for A 


Rules for V 


TAVB 


TA | Ta’! 


Rules for > 


TAB 


FA | TB 


The Cut Rule 


t | es 
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The Cut rule is not applied “to” a previous signed formula; 
rather, it allows every branch in a tableau to be split in two, one 
branch containing TA, the other F A. It is not necessary—any 
set of signed formulas with a closed tableau has one not using 
Cut—but it allows us to combine tableaux in a convenient way. 
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E.4 Tableaux 


We’ve said what an assumption is, and we’ve given the rules of 
inference. Tableaux are inductively generated from these: each 
tableau either is a single branch consisting of one or more as- 
sumptions, or it results from a tableau by applying one of the 
rules of inference on a branch. 


Definition E.2 (Tableau). A tableau for assumptions $A), ..., 
SnAn (where each S; is either T or F) is a finite tree of signed 
formulas satisfying the following conditions: 


1. The n topmost signed formulas of the tree are S;A;, one 
below the other. 


2. Every signed formula in the tree that is not one of the as- 
sumptions results from a correct application of an inference 
rule to a signed formula in the branch above it. 


A branch of a tableau is closed iff it contains both T A and F A, 
and open otherwise. A tableau in which every branch is closed 
is a closed tableau (for its set of assumptions). If a tableau is not 
closed, i.e., if it contains at least one open branch, it is open. 


Example E.3. Every set of assumptions on its own is a tableau, 
but it will generally not be closed. (Obviously, it is closed only 
if the assumptions already contain a pair of signed formulas T A 
and F A.) 

From a tableau (open or closed) we can obtain a new, larger 
one by applying one of the rules of inference to a signed formula A 
in it. The rule will append one or more signed formulas to the 
end of any branch containing the occurrence of A to which we 
apply the rule. 

For instance, consider the assumption T A A =A. Here is the 
(open) tableau consisting of just that assumption: 


1. TAA-A Assumption 
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We obtain a new tableau from it by applying the AT rule to the 
assumption. That rule allows us to add two new lines to the 
tableau, T A and T =A: 


1. TAA-7A Assumption 
2. TA AT1 
3. TAA AT1 


When we write down tableaux, we record the rules we’ve applied 
on the right (e.g., AT1 means that the signed formula on that 
line is the result of applying the AT rule to the signed formula on 
line 1). This new tableau now contains additional signed formu- 
las, but to only one (T-—A) can we apply a rule (in this case, the 
aT rule). This results in the closed tableau 


1. TAA-7A Assumption 
2. TA AT1 
3: TAA AT1 
4. FA aT 3 
® 


E.5 Examples of Tableaux 


Example E.4. Let’s find a closed tableau for the sentence (A A 
B) > A. 

We begin by writing the corresponding assumption at the top 
of the tableau. 


1. F(AAB)—-A Assumption 


There is only one assumption, so only one signed formula to 
which we can apply a rule. (For every signed formula, there is 
always at most one rule that can be applied: it’s the rule for the 
corresponding sign and main operator of the sentence.) In this 
case, this means, we must apply —F. 
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1. F(AAB)> AV Assumption 
2. TAAB —F1 
3. FA —F1 


To keep track of which signed formulas we have applied their cor- 
responding rules to, we write a checkmark next to the sentence. 
However, only write a checkmark if the rule has been applied to 
all open branches. Once a signed formula has had the corre- 
sponding rule applied in every open branch, we will not have to 
return to it and apply the rule again. In this case, there is only 
one branch, so the rule only has to be applied once. (Note that 
checkmarks are only a convenience for constructing tableaux and 
are not officially part of the syntax of tableaux.) 

There is one new signed formula to which we can apply a 
rule: the T A A B on line 2. Applying the AT rule results in: 


1. F(AAB) > AV Assumption 
Q, TAABV >F1 
3. FA —F1 
4. TA AT 2 
5: TB AT2 
® 


Since the branch now contains both T A (on line 4) and F A (on 
line 3), the branch is closed. Since it is the only branch, the 
tableau is closed. We have found a closed tableau for (AA B)— A. 


Example E.5. Now let’s find a closed tableau for (=A v B) > 
(A — B). 
We begin with the corresponding assumption: 


1. F(7=Av B) > (AB) Assumption 


The one signed formula in this tableau has main operator — and 
sign F, so we apply the —F rule to it to obtain: 
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1. F(7=Av B) > (A> B) V Assumption 
: TAAVB —F1 
a. F(A— B) >F1 


We now have a choice as to whether to apply VT to line 2 or 
—F to line 3. It actually doesn’t matter which order we pick, as 
long as each signed formula has its corresponding rule applied 
in every branch. So let’s pick the first one. The VT rule allows 
the tableau to branch, and the two conclusions of the rule will be 
the new signed formulas added to the two new branches. This 
results in: 


1. F(-Av B) > (A> B)V Assumption 


: TAAVBV ->F1 
5. F(A— B) >F1 
4. T-A TB VT2 


We have not applied the —F rule to line 3 yet: let’s do that now. 
To save time, we apply it to both branches. Recall that we write 
a checkmark next to a signed formula only if we have applied the 
corresponding rule in every open branch. So it’s a good idea to 
apply a rule at the end of every branch that contains the signed 
formula the rule applies to. That way we won’t have to return to 
that signed formula lower down in the various branches. 


1. F(AAvV B) > (A> B) V Assumption 


Q. TrAAVBYV —F1 
a F(A>B)V >F1 
4. TAA TB VT2 
5: TA TA —F3 
6. FB FB —F3 


® 


APPENDIX E. TABLEAUX 231 


The right branch is now closed. On the left branch, we can still 
apply the —T rule to line 4. This results in F A and closes the left 
branch: 


1. F(=Av B) > (A> B) V Assumption 

2. TrAAVBV —F1 

3. F(A>B)V >F1 
eos, 

4. TAA TB VT2 

5: TA TA —F3 

6. FB FB —F3 

7. FA @ aT 4 
® 


Example E.6. We can give tableaux for any number of signed 
formulas as assumptions. Often it is also necessary to apply more 
than one rule that allows branching; and in general a tableau can 
have any number of branches. For instance, consider a tableau 
for {TAV (BAC),F (AV B) A(AVC)}. We start by applying the 
VT to the first assumption: 


1. TAV(BAC)V Assumption 
2. F(AV B) A (AVC) Assumption 


an 


3. TA TBAC vT1 


Now we can apply the AF rule to line 2. We do this on both 
branches simultaneously, and can therefore check off line 2: 


1. TAV(BAC)V Assumption 
2. F(AVB)A(AVC) V Assumption 
3. TA TBAC VT1 


ge 


4. FAVB FAVC FAVB FAVC AF 2 
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Now we can apply VF to all the branches containing A Vv B: 


1. TAV(BAC)V Assumption 
F(AVB)A(AVC) V Assumption 
3. TA TBAC VT1 


ee 2 


4. FAVBY FAVC FAVBV FAVC AF 2 


5. FA FA VF4 
6. FB FB VF4 
® 


The leftmost branch is now closed. Let’s now apply VF to AV C: 


1. TAV(BAC)V Assump 
F(AVB)A(AVC)V Assumfp 
TA TBAC VT1 


4. FAVBY FAVCJY FAVBVY FAVCV AF2 

a FA FA VF4 

6. FB FB VF4 

rs ®@ FA FA VF4 

8. FC FC VF4 
@ 


Note that we moved the result of applying VF a second time below 
for clarity. In this instance it would not have been needed, since 
the justifications would have been the same. 

Two branches remain open, and TB A C on line 3 remains 
unchecked. We apply AT to it to obtain a closed tableau: 
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1. TAV (BAC) V Assumr 
F(AVB)A(AVC)V Assumfp 
3. TA TBACV VT1 


ee ne aa oe 


4. FAVBY FAVCJY FAVBVY FAVCV AF2 

5: FA FA FA FA VF4 

6. FB FC FB FC VEF4 

VE ®@ ®@ TB TB AT3 

8. TC TC AT3 
®@ ®@ 


For comparison, here’s a closed tableau for the same set of 
assumptions in which the rules are applied in a different order: 


1. TAV(BAC)V Assumption 
Q. F(AVB)A(AVC) V Assumption 
3. FAVBV FAVCV AF 2 
4. FA FA VE3 
5- FB FC VE3 


, a a <a. © 


6. TA TBACY TA TBACV VT1 


7. @ TB @ TB AT6 
8. TC TC AT6 
& ® 


E.6 Proof-Theoretic Notions 


Just as we’ve defined a number of important semantic notions 
(validity, entailment, satisfiability), we now define corresponding 
proof-theoretic notions. These are not defined by appeal to satisfac- 
tion of sentences in structures, but by appeal to the existence of 
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certain closed tableaux. It was an important discovery that these 
notions coincide. That they do is the content of the soundness and 
completeness theorems. 


Definition E.7 (Theorems). A sentence A is a theorem if there 
is a closed tableau for F A. We write + A if A is a theorem and 
¥ A if it is not. 


Definition E.8 (Derivability). A sentence A is derivable from a 
set of sentences J’, [+ A iff there is a finite set {B),...,B,} CT 
and a closed tableau for the set 


{F A,T By,...,T By}. 


If A is not derivable from I we write I ¥ A. 


Definition E.g (Consistency). A set of sentences I" is inconsis- 
tent iff there is a finite set {B),...,B,} C I and a closed tableau 
for the set 

{T By,...,T By}. 


If I’ is not inconsistent, we say it is consistent. 


Proposition E.10 (Reflexivity). [fA <I, thenI+ A. 
Proof. If Ae I, {A} is a finite subset of and the tableau 


1. FA Assumption 
2. TA Assumption 
® 


is closed. oO 
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Proposition E.11 (Monotonicity). Jf ¢ 4 andT + A, then 
ALA. 


Proof. Any finite subset of I is also a finite subset of 4. Oo 


Proposition E.12 (Transitivity). //[ + A and {A}UAt B, then 
DOA EB. 


Proof. If {A} UA t+ B, then there is a finite subset 49 = 
{C,...,C,} © A such that 


{F B.TA,TC,...,TCy} 


has a closed tableau. If [ + A then there are Dj, ..., Dm such 
that 


{F AT Di,...,TDm} 


has a closed tableau. 
Now consider the tableau with assumptions 


FB,TC,...,1TC,,T Di,...,T Dn. 


Apply the Cut rule on A. This generates two branches, one has 
T A in it, the other F A. Thus, on the one branch, all of 


{F B,T A,TC),...,T Ca} 


are available. Since there is a closed tableau for these assump- 
tions, we can attach it to that branch; every branch through T A 
closes. On the other branch, all of 


{F A,T Dj,...,T Dn} 


are available, so we can also complete the other side to obtain a 
closed tableau. This shows [.U 4+ B. Oo 


Note that this means that in particular if [ + A and At B, 
then J+ B. It follows also that if Ay,...,A4, | Band JI + A; for 
each i, then J+ B. 
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Proposition E.13. I is inconsistent iffl + A for every sentence A. 
Proof. Exercise. Oo 


Proposition E.14 (Compactness). 1. If + A then there is a 
finite subset [9 CT’ such that I + A. 


2. If every finite subset of I’ is consistent, then I is consistent. 


Proof 1.If I + A, then there is a finite subset [o 
{B,,...,B,} and a closed tableau for 


{F A,T By,...,T By} 
This tableau also shows [9 | A. 


2. If © is inconsistent, then for some finite subset J) = 
{B,,...,By,} there is a closed tableau for 


{T Bisesi7T Bal 


This closed tableau shows that I is inconsistent. oO 


E.7_ Derivability and Consistency 


We will now establish a number of properties of the derivability 
relation. They are independently interesting, but each will play 
a role in the proof of the completeness theorem. 


Proposition E.15. [ff + A andTI U {A} is inconsistent, then I is 
inconsistent. 


Proof. There are finite Jy = {By,...,B,} and 1, = {Cy,...,C,} ¢ 
I’ such that 


{F AT By,...,T By} 
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(TAT Cijs0.,T Ca} 


have closed tableaux. Using the Cut rule on A we can combine 
these into a single closed tableau that shows /U/} is inconsistent. 
Since 1p CF andl, CI,Il)UlM CT, hence I is inconsistent.o 


Proposition E.16. [+ A iffl U {=A} is inconsistent. 
Proof. First suppose I+ A, i.e., there is a closed tableau for 
{F A,T By,...,T By} 
Using the “T rule, this can be turned into a closed tableau for 
{T 4=A,T By,...,T By}. 


On the other hand, if there is a closed tableau for the latter, we 
can turn it into a closed tableau of the former by removing every 
formula that results from =T applied to the first assumption T =A 
as well as that assumption, and adding the assumption F A. For 
if a branch was closed before because it contained the conclusion 
of =T applied to T “A, i.e., F A, the corresponding branch in the 
new tableau is also closed. If a branch in the old tableau was 
closed because it contained the assumption T —A as well as F =A 
we can turn it into a closed branch by applying =F to F-=A to 
obtain TA. This closes the branch since we added F A as an 
assumption. Oo 


Proposition E.17. [ff + A and=A €T, thenT is inconsistent. 


Proof. Suppose 1 + Aand 7A € I. Then there are Bi, ..., B, € I 
such that 
{FA,T Bi,..+,T By} 


has a closed tableau. Replace the assumption F A by T-A, and 
insert the conclusion of =T applied to F A after the assumptions. 
Any sentence in the tableau justified by appeal to line 1 in the 
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old tableau is now justified by appeal to line n+ 1. So if the old 
tableau was closed, the new one is. It shows that I is inconsistent, 
since all assumptions are in I. Oo 


Proposition E.18. JfI U {A} andI U {A} are both inconsistent, 
then I’ is inconsistent. 


Proof. If there are By, ..., B, € [ and Cj, ..., Cn € T such that 


{T AT By,...,T B,} and 
{T =A,T Cy,...,T Cn} 


both have closed tableaux, we can construct a single, combined 
tableau that shows that I" is inconsistent by using as assumptions 
T By, ..., TB, together with TC), ..., T Cm, followed by an ap- 
plication of the Cut rule. This yields two branches, one starting 
with T A, the other with F A. 

On the left left side, add the part of the first tableau below its 
assumptions. Here, every rule application is still correct, since 
each of the assumptions of the first tableau, including TA, is 
available. Thus, every branch below T A closes. 

On the right side, add the part of the second tableau below 
its assumption, with the results of any applications of sT to T=A 
removed. The conclusion of =T to T =A is F A, which is neverthe- 
less available, as it is the conclusion of the Cut rule on the right 
side of the combined tableau. 

If a branch in the second tableau was closed because it con- 
tained the assumption T-—A (which no longer appears as an as- 
sumption in the combined tableau) as well as F —A, we can ap- 
plying -F to F =A to obtain T A. Now the corresponding branch 
in the combined tableau also closes, because it contains the right- 
hand conclusion of the Cut rule, F A. If a branch in the second 
tableau closed for any other reason, the corresponding branch in 
the combined tableau also closes, since any signed formulas other 
than T -A occurring on the branch in the old, second tableau also 
occur on the corresponding branch in the combined tableau. O 
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E.8 Derivability and the Propositional 
Connectives 


We establish that the derivability relation + of tableaux is strong 
enough to establish some basic facts involving the propositional 
connectives, such as that AA B+ A and A,A— B+ B (modus 
ponens). These facts are needed for the proof of the completeness 
theorem. 


Proposition E.19. 1. BohANBt+t AandANBt B. 


20ACB ANB. 
Proof. 1. Both {F A,T AA B} and {F B,T AA B} have closed 
tableaux 
1. FA Assumption 
2. TAAB Assumption 
3. TA AT 2 
4. TB AT 2 
® 
1. FB Assumption 
2. TAAB Assumption 
ey TA AT 2 
4. TB AT 2 
® 


2. Here is a closed tableau for {T A,T B,F AA B}: 
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to 


Proposition E.20. 


2. BothA+ AV BandBtAVB. 


Proof. 


A 


1. {AV B,7A,-=B} is inconsistent. 


TAVB 
TAA 
TAB 
FA 
FB 


a 


TA TB 
® ® 


Assumption 
Assumption 
Assumption 


AF1 


Assumption 
Assumption 
Assumption 
aT 2 
sells: 


VT1 


240 


1. We give a closed tableau of {TA Vv B,T =A, T =B}: 


2. Both {F AV B,T A} and {F AVB,T B} have closed tableaux: 


1 
2 
2. 
4 


FAVB 
TA 
FA 
FB 
® 


Assumption 
Assumption 


VF1 
VF1 
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1. FAVB Assumption 
2. TB Assumption 
a FA VF1 
4. FB VF1 

® 


Proposition E.21. 1. AASB B. 


2. BotthaAt+A—>BandBtA—B. 
Proof. 1. {F B,T A > B,T A} has a closed tableau: 


1. FB Assumption 
2, TA—-B Assumption 
ne TA Assumption 


ox 


4 FA TB —>T2 
® ® 


2. Both {FA — B,T=A} and {FA > B,T B} have closed 


tableaux: 

1. FA—-B Assumption 
2. TAA Assumption 
3. TA —F1 

4. FB —F1 

5. FA aT 2 

® 

1. FA—-B Assumption 
2. TB Assumption 
3. TA —F1 

4 FB —F1 
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E.g Soundness 


A derivation system, such as tableaux, is sound if it cannot derive 
things that do not actually hold. Soundness is thus a kind of 
guaranteed safety property for derivation systems. Depending 
on which proof theoretic property is in question, we would like 
to know for instance, that 


1. every derivable A is a tautology; 


2. if a sentence is derivable from some others, it is also a 
consequence of them; 


3. if a set of sentences is inconsistent, it is unsatisfiable. 


These are important properties of a derivation system. If any of 
them do not hold, the derivation system is deficient—it would 
derive too much. Consequently, establishing the soundness of 
a derivation system is of the utmost importance. 

Because all these proof-theoretic properties are defined via 
closed tableaux of some kind or other, proving (1)—(3) above re- 
quires proving something about the semantic properties of closed 
tableaux. We will first define what it means for a signed formula 
to be satisfied in a structure, and then show that if a tableau 
is closed, no structure satisfies all its assumptions. (1)—(3) then 
follow as corollaries from this result. 


Definition E.22. A valuation v satisfies a signed formula T A iff 
v & A, and it satisfies FA iff v ¥ A. v satisfies a set of signed 
formulas I iff it satisfies every $A ¢ I’. I is satisfiable if there is 
a valuation that satisfies it, and unsatisfiable otherwise. 


Theorem E.23 (Soundness). /fI has a closed tableau, I’ is un- 
satisfiable. 
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Proof. Let’s call a branch of a tableau satisfiable iff the set of 
signed formulas on it is satisfiable, and let’s call a tableau satisfi- 
able if it contains at least one satisfiable branch. 

We show the following: Extending a satisfiable tableau by one 
of the rules of inference always results in a satisfiable tableau. 
This will prove the theorem: any closed tableau results by apply- 
ing rules of inference to the tableau consisting only of assump- 
tions from I. So if I were satisfiable, any tableau for it would be 
satisfiable. A closed tableau, however, is clearly not satisfiable: 
every branch contains both T A and F A, and no structure can 
both satisfy and not satisfy A. 

Suppose we have a satisfiable tableau, i.e., a tableau with at 
least one satisfiable branch. Applying a rule of inference either 
adds signed formulas to a branch, or splits a branch in two. If 
the tableau has a satisfiable branch which is not extended by the 
rule application in question, it remains a satisfiable branch in 
the extended tableau, so the extended tableau is satisfiable. So 
we only have to consider the case where a rule is applied to a 
satisfiable branch. 

Let I’ be the set of signed formulas on that branch, and let 
S A €T be the signed formula to which the rule is applied. If the 
rule does not result in a split branch, we have to show that the 
extended branch, i.e., / together with the conclusions of the rule, 
is still satisfiable. If the rule results in a split branch, we have to 
show that at least one of the two resulting branches is satisfiable. 

First, we consider the possible inferences that do not result in 
a split branch. 


1. The branch is expanded by applying =T to T7B ¢« TI. 
Then the extended branch contains the signed formulas 
I U{F B}. Suppose v + I. In particular, v — =~B. Thus, 
v £ B, i.e., v satisfies F B. 


2. The branch is expanded by applying —F to FAB € I’: Ex- 
ercise. 
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3. 


The branch is expanded by applying AT to TB AC €T, 
which results in two new signed formulas on the branch: 
T Band TC. Suppose v £ I, in particular v + BAC. Then 
vt Band vt C. This means that v satisfies both T B and 
TC. 


. The branch is expanded by applying VF to FBV C «IT: 


Exercise. 


. The branch is expanded by applying ~FtoFB—>C eT: 


This results in two new signed formulas on the branch: T B 
and FC. Suppose v £ I, in particular v ¥ B > C. Then 
v + Band v# C. This means that v satisfies both T B and 
FC. 


Now let’s consider the possible inferences that result in a split 
branch. 


1. 


The branch is expanded by applying AF to FBAC «T, 
which results in two branches, a left one continuing through 
F B and a right one through F C’.. Suppose v £ I, in partic- 
ular vE BAC. Then v £ B or v £ C. In the former case, v 
satisfies F B, i.e., v satisfies the formulas on the left branch. 
In the latter, v satisfies F C, i.e., v satisfies the formulas on 
the right branch. 


. The branch is expanded by applying VT to TBVC e€T: 


Exercise. 


. The branch is expanded by applying ~TtoTB—>CeT: 


Exercise. 


. The branch is expanded by Cut: This results in two 


branches, one containing T B, the other containing F B. 
Since v — I and either v F B or v £ B, v satisfies either the 
left or the right branch. Oo 
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Corollary E.24. [f+ A then A is a tautology. 


Corollary E.25. [ff + A thenT & A. 


Proof. If + Athen for some Bj,..., B, € [', {F A, T By,...,T By} 
has a closed tableau. By Theorem E.23, every valuation v either 
makes some B; false or makes A true. Hence, if v — I then also 
vEA. Oo 


Corollary E.26. [fT is satisfiable, then it is consistent. 


Proof. We prove the contrapositive. Suppose that I" is not con- 
sistent. Then there are Bi, ..., B, € [ and a closed tableau for 
{T B,,...,T By}. By Theorem E.23, there is no v such that v § B; 
for all i=1,..., m. But then I is not satisfiable. Oo 


Problems 
Problem E.1. Give closed tableaux of the following: 
1. TAA(BAC),F(ANB)AC. 


2. TAV(BVC),F(AVB)VC. 


3. TA> (B-C),FBO(A-C). 


4. TA,F AAA. 


Problem E.2. Give closed tableaux of the following: 


1. T(AVB)>C,FA->C. 


bo 


~ TAS C)A(B-0C),F(AVB) OC. 
3. FA(A AAA). 


4. TB A,FAA—-=B. 
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5. F(A> 7A) > AA. 
6. FA(A— B) > -B. 
7. TAS C,FA(AA AC). 
8. TAA 7AC,F A(A— C). 


g. TAV B,7B,F A. 


10. TanAV AB,F-7(A A B). 
11. F(-4A A 7B) > 7(AV B). 
12. FA(A Vv B) > (AAA HB). 
Problem E.3. Give closed tableaux of the following: 
1. TA(A— B),FA. 
2. TA(AA B),FAAV =AB. 
3. TA> B,FAAVB. 
4. FAnA> A. 
5. TA? B,T7A> BF B. 
6. TAA B) > C,F(ASC)V(B-C). 
7. TAB) AFA. 
8. F(A> B)V (BC). 
Problem E.4. Prove Proposition E.13 
Problem E.5. Prove that [+ —A iff FU {A} is inconsistent. 


Problem E.6. Complete the proof of Theorem E.23. 
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The 


Completeness 
Theorem 


F.1 Introduction 


The completeness theorem is one of the most fundamental re- 
sults about logic. It comes in two formulations, the equivalence 
of which we'll prove. In its first formulation it says something fun- 
damental about the relationship between semantic consequence 
and our derivation system: if a sentence A follows from some sen- 
tences I’, then there is also a derivation that establishes [+ A. 
Thus, the derivation system is as strong as it can possibly be 
without proving things that don’t actually follow. 

In its second formulation, it can be stated as a model exis- 
tence result: every consistent set of sentences is satisfiable. Con- 
sistency is a proof-theoretic notion: it says that our derivation 
system is unable to produce certain derivations. But who’s to say 
that just because there are no derivations of a certain sort from I’, 
it’s guaranteed that there is valuation v with v — I? Before the 
completeness theorem was first proved—in fact before we had the 
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derivation systems we now do—the great German mathematician 
David Hilbert held the view that consistency of mathematical the- 
ories guarantees the existence of the objects they are about. He 
put it as follows in a letter to Gottlob Frege: 


If the arbitrarily given axioms do not contradict one 
another with all their consequences, then they are 
true and the things defined by the axioms exist. This 
is for me the criterion of truth and existence. 


Frege vehemently disagreed. The second formulation of the com- 
pleteness theorem shows that Hilbert was right in at least the 
sense that if the axioms are consistent, then some valuation exists 
that makes them all true. 

These aren’t the only reasons the completeness theorem—or 
rather, its proof—is important. It has a number of important con- 
sequences, some of which we'll discuss separately. For instance, 
since any derivation that shows [+ A is finite and so can only 
use finitely many of the sentences in J’, it follows by the com- 
pleteness theorem that if A is a consequence of J’, it is already 
a consequence of a finite subset of I’. This is called compactness. 
Equivalently, if every finite subset of I is consistent, then I itself 
must be consistent. 

Although the compactness theorem follows from the com- 
pleteness theorem via the detour through derivations, it is also 
possible to use the the proof of the completeness theorem to estab- 
lish it directly. For what the proof does is take a set of sentences 
with a certain property—consistency—and constructs a structure 
out of this set that has certain properties (in this case, that it sat- 
isfies the set). Almost the very same construction can be used to 
directly establish compactness, by starting from “finitely satisfi- 
able” sets of sentences instead of consistent ones. 
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F.2 Outline of the Proof 


The proof of the completeness theorem is a bit complex, and 
upon first reading it, it is easy to get lost. So let us outline the 
proof. The first step is a shift of perspective, that allows us to see 
a route to a proof. When completeness is thought of as “whenever 
I+ Athen /'+ A,” it may be hard to even come up with an idea: 
for to show that [+ A we have to find a derivation, and it does 
not look like the hypothesis that [+ A helps us for this in any 
way. For some proof systems it is possible to directly construct 
a derivation, but we will take a slightly different approach. The 
shift in perspective required is this: completeness can also be 
formulated as: “if I is consistent, it is satisfiable.” Perhaps we 
can use the information in I’ together with the hypothesis that it 
is consistent to construct a valuation that satisfies every formula 
in I’. After all, we know what kind of valuation we are looking 
for: one that is as I’ describes it! 

If [ contains only propositional variables, it is easy to con- 
struct a model for it. All we have to do is come up with a val- 
uation v such that v — p for all p ¢ I. Well, let v(p) = T iff 
pel. 

Now suppose I’ contains some formula —B, with B atomic. 
We might worry that the construction of v interferes with the 
possibility of making —B true. But here’s where the consistency 
of I comes in: if «B € I, then B ¢ I, or else I would be 
inconsistent. And if B ¢ I’, then according to our construction 
of v, v¢ B, so ve 7B. So far so good. 

What if [ contains complex, non-atomic formulas? Say it 
contains A A B. To make that true, we should proceed as if both 
A and B were in J’. And if AV B € I, then we will have to make 
at least one of them true, i.e., proceed as if one of them was in I’. 

This suggests the following idea: we add additional formulas 
to I’ so as to (a) keep the resulting set consistent and (b) make 
sure that for every possible atomic sentence A, either A is in the 
resulting set, or —A is, and (c) such that, whenever A A B is in 
the set, so are both A and B, if AV B is in the set, at least one of 
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A or B is also, etc. We keep doing this (potentially forever). Call 
the set of all formulas so added [*. Then our construction above 
would provide us with a valuation v for which we could prove, 
by induction, that it satisfies all sentences in /*, and hence also 
all sentence in IT since  C J“. It turns out that guaranteeing 
(a) and (b) is enough. A set of sentences for which (b) holds is 
called complete. So our task will be to extend the consistent set 
to a consistent and complete set /™. 

So here’s what we'll do. First we investigate the properties of 
complete consistent sets, in particular we prove that a complete 
consistent set contains A A B iff it contains both A and B, AV B 
iff it contains at least one of them, etc. (Proposition F.2). We'll 
then take the consistent set [ and show that it can be extended 
to a consistent and complete set 7* (Lemma F.3). This set I* 
is what we'll use to define our valuation v(/“*). The valuation is 
determined by the propositional variables in [’* (Definition F.4). 
We'll use the properties of complete consistent sets to show that 
indeed v(I") & A iff A ¢ I™ (Lemma F'5), and thus in particular, 
oT*) eT. 


F.3 Complete Consistent Sets of Sentences 


Definition F.1 (Complete set). A set I of sentences is complete 
iff for any sentence A, either A¢ IT or ~A eT. 


Complete sets of sentences leave no questions unanswered. 
For any sentence A, I “says” if A is true or false. The impor- 
tance of complete sets extends beyond the proof of the complete- 
ness theorem. A theory which is complete and axiomatizable, for 
instance, is always decidable. 

Complete consistent sets are important in the completeness 
proof since we can guarantee that every consistent set of sen- 
tences I’ is contained in a complete consistent set 7". A complete 
consistent set contains, for each sentence A, either A or its nega- 
tion —A, but not both. This is true in particular for propositional 
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variables, so from a complete consistent set, we can construct 
a valuation where the truth value assigned to propositional vari- 
ables is defined according to which propositional variables are 
in J. This valuation can then be shown to make all sentences 
in J (and hence also all those in J) true. The proof of this latter 
fact requires that -A € /* iff A¢I*, (AV B) € I* iff A ¢ I* or 
Bel”, etc. 

In what follows, we will often tacitly use the properties of 
reflexivity, monotonicity, and transitivity of + (see appendices D.6 
and E.6). 


Proposition F.2. Suppose I is complete and consistent. Then: 
fel) Ie eA there tecv in, 
2ANANBET iffbothAcTl andBeTl. 
3 AVBET iffeitherAcT orBeT. 


4. ABET iffeithrA¢I orBeT. 


Proof. Let us suppose for all of the following that I’ is complete 
and consistent. 


1. If f+ A, then AeET. 


Suppose that [ + A. Suppose to the contrary that A ¢ 
I. Since I is complete, =A € I. By Propositions E.17 
and D.24, I is inconsistent. This contradicts the assump- 
tion that I is consistent. Hence, it cannot be the case that 
A€I,soAeTl. 


2. Exercise. 


3. First we show that if AV Be, theneither A ¢lorBeT. 
Suppose AVBel but A¢gI and B¢T. Since I is com- 
plete, A ¢ F and -B € I. By Propositions E.20 and D.27, 
item (1), [ is inconsistent, a contradiction. Hence, either 
AelorBel. 
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For the reverse direction, suppose that A ¢ T or BET. By 
Propositions E.20 and D.27, item (2), 7 + AV B. By (1), 
AV BeT, as required. 


4. Exercise. Oo 


F.4. Lindenbaum’s Lemma 


We now prove a lemma that shows that any consistent set of sen- 
tences is contained in some set of sentences which is not just 
consistent, but also complete. The proof works by adding one 
sentence at a time, guaranteeing at each step that the set remains 
consistent. We do this so that for every A, either A or =A gets 
added at some stage. The union of all stages in that construction 
then contains either A or its negation =A and is thus complete. 
It is also consistent, since we made sure at each stage not to in- 
troduce an inconsistency. 


Lemma F.3 (Lindenbaum’s Lemma). Every consistent set I’ in 
a language £ can be extended to a complete and consistent set I“. 


Proof. Let I be consistent. Let Ag, Ai, ... be an enumeration of 
all the sentences of &. Define yp = I’, and 


Pas I, U{An} if , U {An} is consistent; 
aaa I, U{7AA,} otherwise. 


Let I” = Uysoln- 

Each I, is consistent: JI is consistent by definition. If 
Int = Tn, U {An}, this is because the latter is consistent. If it 
isn’t, In4i = I, U {=A}. We have to verify that I, U {=A,} is 
consistent. Suppose it’s not. Then both I, U{A,} and I, U {=A,} 
are inconsistent. This means that [, would be inconsistent by 
Propositions E.18 and D.25, contrary to the induction hypothe- 
sis. 
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For every n and every i < n, I; C I;. This follows by a simple 
induction on n. For n = 0, there are no i < 0, so the claim holds 
automatically. For the inductive step, suppose it is true for n. 
We have [nai = In U {An} or = I, U {7An} by construction. So 
In © Ing. If i < n, then P; C I, by inductive hypothesis, and so 
C In41 by transitivity of C. 

From this it follows that every finite subset of [“ is a subset 
of I, for some n, since each B € I™ not already in J is added at 
some stage 7. If n is the last one of these, then all B in the finite 
subset are in [,. So, every finite subset of J* is consistent. By 
Propositions E.14 and D.18, I™* is consistent. 

Every sentence of Frm(&) appears on the list used to de- 
fine J*. If A, ¢ I’, then that is because , U {Ay} was inconsis- 
tent. But then —A, € I“, so J* is complete. Oo 


F.5 Construction of a Model 


We are now ready to define a valuation that makes all A ¢ I 
true. To do this, we first apply Lindenbaum’s Lemma: we get a 
complete consistent /* 2 I’. We let the propositional variables 
in [* determine v(/*). 


Definition F.4. Suppose /™ is a complete consistent set of for- 
mulas. Then we let 
T ifper* 


v(I")(p) = ( ifper 


Lemma F.5 (Truth Lemma). v(/“*) § A iffAeI™. 


Proof. We prove both directions simultaneously, and by induction 
on A. 


1.A= 1: v(I*) & 1 by definition of satisfaction. On the 
other hand, . ¢ /* since ™* is consistent. 
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2, A= p: v(I*) & p iff v*)(p) = T (by the definition of 
satisfaction) iff p ¢ * (by the construction of v(/™)). 


3. A= AB: vl") & A iff v0") & B (by definition of satisfac- 
tion). By induction hypothesis, v(/™*) # B iff B ¢ I’*. Since 
I is consistent and complete, B ¢ J” iff =B <I”. 


4. A= BAC: exercise. 


5. A= BVC: vil") A iff v™) & Bor v(U™) & C (by def- 
inition of satisfaction) iff B « I* or C € I™* (by induction 
hypothesis). This is the case iff (B v C) € I™ (by Proposi- 
tion F.2(3)). 


6. A=B-—C: exercise. 


F.6 The Completeness Theorem 


Let’s combine our results: we arrive at the completeness theo- 
rem. 


Theorem F.6 (Completeness Theorem). Let I be a set of sen- 
tences. If I’ is consistent, it is satisfiable. 


Proof. Suppose I is consistent. By Lemma F.3, there is a [* 3 
which is consistent and complete. By Lemma F.5, v(/™*) & A iff 
A ¢€I™. From this it follows in particular that for all A <€ TI, 
v(I*) & A, so I is satisfiable. Oo 


Corollary F.7 (Completeness Theorem, Second Version). 
For all I’ and sentences A: iff & A then’ + A. 


Proof. Note that the I’s in Corollary F.7 and Theorem F.6 are 
universally quantified. To make sure we do not confuse ourselves, 
let us restate Theorem F.6 using a different variable: for any set of 
sentences J, if 4 is consistent, it is satisfiable. By contraposition, 
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if 4 is not satisfiable, then 4 is inconsistent. We will use this to 
prove the corollary. 

Suppose that [+ A. Then IU {—4} is unsatisfiable by Propo- 
sition C.21. Taking I U {4A} as our J, the previous version of 
Theorem F.6 gives us that I U {=A} is inconsistent. By Proposi- 
tions E.16 and D.23, + A. Oo 


Problems 
Problem F.1. Complete the proof of Proposition F.2. 
Problem F.2. Complete the proof of Lemma F.5. 


Problem F.3. Use Corollary F.7 to prove Theorem F.6, thus 
showing that the two formulations of the completeness theorem 
are equivalent. 


Problem F.4. In order for a derivation system to be complete, 
its rules must be strong enough to prove every unsatisfiable set 
inconsistent. Which of the rules of derivation were necessary to 
prove completeness? Are any of these rules not used anywhere 
in the proof? In order to answer these questions, make a list or 
diagram that shows which of the rules of derivation were used in 
which results that lead up to the proof of Theorem F.6. Be sure 
to note any tacit uses of rules in these proofs. 
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